Active Directory & Entra ID Engineer

Job Summary

Seeking a skilled Active Directory & Entra ID Engineer-L2 to support and maintain enterprise identity and access management services. The role involves managing day-to-day operations of Active Directory Entra ID (Azure AD) and related identity services ensuring availability security and compliance across the environment.

The ideal candidate will be experienced in AD/Entra administration troubleshooting and automation with the ability to work independently while collaborating closely with other engineers.

Key Responsibilities

Active Directory Administration

• Administer manage and support Domain Controllers across multiple domains and forests.
• Perform promotion and demotion of domain controllers as required.
• Manage forest-level administration domain and forest trusts and functional levels.
• Configure and maintain Active Directory Sites and Services for optimized replication and authentication.
• Design implement and manage Group Policies (GPOs) across enterprise environments.
• Perform regular AD health checks database maintenance and replication remediations.
• Manage SYSVOL Global Catalog servers FSMO roles and Windows Time Services.
• Implement and maintain AD backup and recovery strategies.
• Build configure and troubleshoot Windows domain controllers (physical and virtual).
• Ensure vulnerability management and patch compliance for AD infrastructure.
• Install and configure support tools and monitoring agents on domain controllers.
• Manage Certificate Services and provide advanced support for PKI environments.
• Administer user group and service accounts in Active Directory.
• Manage roaming profiles folder redirection and cloud storage access controls (Azure storage accounts).
• Willingness to work in a 24*7 support environment.

Hybrid Identity & Entra ID (Azure AD)

• Build configure and manage Entra Connect / Entra Sync servers.
• Manage synchronization rules processes and resolve sync errors between AD and Entra ID.
• Administer Azure roles Administrative Units and RBAC in Entra ID.
• Manage Entra ID Application Registrations (OIDC and SAML-based).
• Design and configure Conditional Access Policies for secure access management.
• Manage custom domains service principals privileged accounts and dynamic groups in Entra ID.
• Provide advanced support for Privileged Identity Management (PIM).
• Collaborate with IAM teams to integrate OKTA or other IAM tools where applicable.

Operational Excellence & Support

• Act as first point of escalation for identity-related incidents and service requests.
• Troubleshoot and resolve AD/Entra connectivity authentication and access issues.
• Follow incident problem and change management processes.
• Document issues root causes and resolutions in ticketing systems.
• Develop and maintain standard operating procedures (SOPs).
• Participate in on-call rotation and after-hours support as needed.
• Escalate complex issues to SMEs with appropriate diagnostics.

Automation Reporting & Documentation

• Use PowerShell and other scripting tools for routine automation and reporting.
• Maintain and update system configurations health reports and service dashboards.
• Assist in developing automation scripts for account management and environment maintenance.
• Ensure technical documentation and knowledge base articles are accurate and up to date.

Required Skills

• 6-8 years of hands-on experience in Active Directory and Entra ID administration.
• Strong understanding of Windows Server OS DNS PKI and authentication concepts.
• Working knowledge of PowerShell scripting for identity and server management.
• Familiarity with IAM tools (OKTA Ping or similar) is a plus.
• Good understanding of networking fundamentals and cloud identity concepts.
• Excellent troubleshooting communication and documentation skills.
• Ability to work independently and collaborate effectively in a team environment.

Preferred Certifications

• Microsoft Certified: Windows Server Hybrid Administrator Associate
• Microsoft Certified: Identity and Access Administrator (SC-300)
• Microsoft Certified: Azure Administrator Associate (AZ-104)
• ITIL Foundation Certification (preferred)