Active DIrectory Administrator
Please note that this position requires a DoD Secret Security Clearance.
Our Military client is seeking an Active Directory administrator to perform duties of a SME level for the integration of Active Directory infrastructure.
- Implement server requirements, client configuration, configure DNS for Direct Access, and configure certificates for Direct Access.
- Create and configure DNS Resource Records (RR), including A, AAAA, PTR, SOA, NS, SRV, CNAME, and MX records; configure zone scavenging; configure record options, including Time to Live (TTL) and weight; configure round robin; configure secure dynamic updates.
- Configure primary and secondary zones, configure stub zones, configure conditional forwards, configure zone and conditional forward storage in Active Directory, configure zone delegation, configure zone transfer settings, and configure notify settings.
- Configure Active Directory integration of primary zones, configure forwarders, configure Root Hints, manage DNS cache, create A and PTR resource records.
- Create and configure scopes, configure a DHCP reservation, configure DHCP options, configure client and server for PXE boot, configure DHCP relay agent, authorize DHCP server.
- Configure domain and local user password policy settings, configure and apply Password Settings Objects (PSOs), delegate password settings management, configure account lockout policy settings, configure Kerberos policy settings.
- Back up Active Directory and SYSVOL, manage Active Directory offline, optimize an Active Directory database, clean up metadata, configure Active Directory snapshots, perform object- and container-level recovery, perform Active Directory restore, configure and restore objects by using the Active Directory Recycle Bin.
- Add or remove a domain controller from a domain, upgrade a domain controller, install Active Directory Domain Services (AD DS) on a Server Core installation, install a domain controller from Install from Media (IFM), resolve DNS SRV record registration issues, configure a global catalog server.
- Automate the creation of Active Directory accounts; create, copy, configure, and delete users and computers; configure templates; perform bulk Active Directory operations; configure user rights; offline domain join; manage inactive and disabled accounts.
- Configure group nesting; convert groups, including security, distribution, universal, domain local, and domain global; manage group membership using Group Policy; enumerate group membership; delegate the creation and management of Active Directory objects; manage default Active Directory containers; create, copy, configure, and delete groups and OUs.
- Create and configure Service Accounts, create and configure Group Managed Service Accounts, configure Kerberos delegation, manage Service Principal Names (SPNs), configure virtual accounts.
- Transfer and seize operations master roles, install and configure a read-only domain controller (RODC), configure domain controller cloning.
- Responsible for Contract Monthly Deliverables directly related to contract.
- Implementation and configuration of Security Technical Implementation Guidelines (STIGS) and maintenance of STIG revision history related to Cybersecurity.
- Remediation of patch vulnerabilities using tools such as ACAS Scans.
- Experience using cybersecurity tools such as SCAP Scanning / InstallRoot for PKI implementation.
- Candidate should have a minimum of 15 years of experience designing, maintaining and managing enterprise scale Active Directory Domain Services (AD DS) deployments.
- Candidate should have experience in configuration and troubleshooting of architecture areas such as ADFS, Direct Access, Certificate Services/ PKI Authentication, Terminal Server Farms, Optimal and OVD. Additionally, candidate should have Cloud sharing using Azure and Office 365 experience.
- Experience configuring Active Role Servers (ARS)
- Advanced level experience in creation of Powershell Scripting for tasks automation.
- Must possess at minimum current Active Secret Clearance.
- Must have a current CompTIA Security +CE with expiration date no less than 6 months.
- Additional industry Certifications (Microsoft). Preferably MCSE or MCSA.
- Have the ability to resolve TIER III level tickets (Master level) within a timely manner based on expertise within Active Directory.
- Intermediate level experience managing a large-scale Enterprise environment with multiple Domains.
- Intermediate level experience troubleshooting server issues and diagnosing root cause of issue.
- Must have in-depth experience in supporting at an Advanced Level:
- Microsoft Active Directory infrastructure, including Hands-on experience administering Microsoft Active Directory.
- 2008 R2/2012 R2 in a multi-site and multi-domain organization.
- Microsoft WSUS infrastructure.
- ADFS infrastructure.
- DNS infrastructure.
- AD Replication.
- Must have in-depth knowledge of Group Policies to include WMI Filtering and understanding the importance of Precedence within them.
- Expert level experience with RDS Technology and licensing.
- Understanding of PKI Infrastructure to include DoD Certs and ADFS Infrastructure.
- Intermediate level experience with PowerShell scripts with the ability to create and modify scripts as needed within environment.
- Strong working knowledge of standards and protocols: TCP/IP, DNS, DHCP, WINS, SMTP, RPC, HTTPS; including knowledge of forest to forest trusts
- Scripting expertise on Windows Server 2008 – 2012 as well as knowledge of IIS and networking concepts, VPN’ s, etc.
- Must be willing to work on call and after hours to support Operations worldwide.
- Maintain and understand systems, regulatory requirements, and security of hosting systems.
- Ability to create and manage Group Policies including GPO precedence, enforcement and blocking.
- OCSP infrastructure management and troubleshooting skills.
- Active Directory Federation Services.
- Smart card authentication management and troubleshooting skill.
- Active Directory Certificate Services (ADCS).
Job Status: Full Time