Active Directory Engineer – Core Directory Services (Isolation Forests & Domains)

Dice is the leading career destination for tech experts at every stage of their careers. Our client, SRI Tech Solutions, is seeking the following. Apply via Dice today!

Role Summary

We are seeking an experienced Active Directory (AD) Engineer to design, build, and operate core Microsoft Active Directory infrastructure, with a strong focus on isolated forests, segregated domains, and security‑driven directory architectures. This role is critical to enabling secure authentication, legacy containment, privilege isolation, and enterprise identity resilience.

The engineer will own the lifecycle of AD forests and domains, partner with security and platform teams, and ensure directory services meet availability, security, and compliance requirements.

Key Responsibilities

Active Directory Architecture & Engineering

• Design, build, and maintain Active Directory forests, trees, and domains, including additional and isolated forests for security or regulatory purposes
• Implement resource forests, containment forests, and hardened domains for legacy protocols, privileged access, or application isolation
• Design and manage inter‑forest and intra‑forest trusts (one‑way, two‑way, selective authentication)
• Plan and execute domain controller placement, site topology, and replication strategy
  
  

Core AD Administration

• Deploy, patch, and maintain Domain Controllers (Windows Server)
• Manage FSMO roles, time synchronization, DNS integration, and SYSVOL
• Administer Group Policy Objects (GPOs) for security baselines and configuration management
• Manage AD objects: users, groups, computers, service accounts, and delegation models
  
  

Security & Hardening

• Enforce Active Directory security best practices and tiered administration models
• Build privilege isolation domains for admin accounts and privileged workloads
• Support initiatives such as:
• Legacy protocol isolation (NTLM, RC4, LDAP signing exceptions)
• Service account governance and gMSA implementation
• AD attack surface reduction (lateral movement prevention, tiering)
• Partner with security teams during incidents, audits, and risk remediation efforts
  
  

Migration & Transformation

• Lead or support:
• Domain and forest builds and decompositions
• Application and server migrations between domains or forests
• Legacy domain containment and modernization efforts
• Coordinate with application, server, and IAM teams to minimize disruption
  
  

Monitoring, Troubleshooting & Operations

• Diagnose and resolve:
• Replication failures
• Authentication and trust issues
• DNS and Kerberos‑related problems
• Maintain AD health using monitoring tools and best practices
• Create and maintain operational runbooks and SOPs
  
  

Experience

Required Qualifications

• 8 years of hands‑on Active Directory engineering and administration experience
• Proven experience building new forests and domains, including isolated or segmented environments
• Deep understanding of AD internals and authentication mechanisms
  
  

Technical Expertise

• Strong knowledge of:
• Active Directory Domain Services (AD DS)
• DNS, Kerberos, LDAP, NTLM
• Forest/domain trusts and authentication boundaries