Talent Pool - Active Directory (Engineer/Snr Engineer/Associate Technical Lead/ Technical Lead)
Location: Sri Lanka
Employment Type: Full-Time
About the Role
Join our newly established Active Directory Support Team as an Active Directory Administrator. You'll be part of a 5-member team dedicated to managing and supporting our enterprise identity and directory services across multiple global domains. You will play a crucial role in ensuring secure and seamless authentication for our global workforce.
Note: This role provides 16 hours of daily support (8 hours on-desk, 5 days a week, and 8 hours on-call on a rotational roster).
Our Identity Environment:
- Hybrid Directory Services: Global On-Premises Active Directory forests integrated with Microsoft Entra ID (formerly Azure AD).
- Authentication & Access: Kerberos, NTLM, LDAP/S, SAML, and OAuth integrations across Windows, Linux, and multi-cloud platforms (Azure, AWS, GCP).
- Endpoint Integration: Windows and Linux endpoints (workstations, laptops, mobile) domain-joined or hybrid-joined globally.
- Collaborative Support Model: Working closely as the Identity Subject Matter Experts (SME) alongside local IT and Field Support teams worldwide.
What You'll Do
- Directory Administration: Manage Active Directory objects (Users, Computers, Groups, Service Accounts) and Organizational Units (OUs) following best practices.
- Authentication Support: Troubleshoot complex authentication and domain-join issues for endpoints (Windows/Linux) and applications utilizing Kerberos, NTLM, and LDAP.
- Server Core Administration: Support and troubleshoot Domain Controllers deployed on Windows Server Core, utilizing Remote Server Administration Tools (RSAT), Windows Admin Center, and command-line interfaces for daily maintenance.
- Group Policy Management: Assist in the creation, deployment, and troubleshooting of Group Policy Objects (GPOs) to enforce security baselines and configure endpoints.
- AD Health & Monitoring: Monitor AD replication, Domain Controller health, and Directory Services event logs (using tools like dcdiag and repadmin).
- Directory Automation & Reporting: Utilize PowerShell scripting to automate routine identity tasks, execute bulk object updates (users, groups, computers), and generate directory audit reports.
- Hybrid Identity Operations: Support Entra ID (Azure AD) sync operations (AAD Connect) and troubleshoot hybrid-join device scenarios.
- Cross-Platform Auth: Assist with Linux domain integration (SSSD, Realmd) and authentication troubleshooting for cross-platform endpoints.
- PKI & Certificate Management: Support Active Directory Certificate Services (AD CS) operations, including processing Certificate Signing Requests (CSRs), managing certificate templates, and troubleshooting client auto-enrollment issues for endpoints and servers.
- DNS & DHCP: Manage and troubleshoot DNS records and zones as they relate to domain health and client connectivity.
- Tier 2/3 Support: Act as an escalation point for Field Support teams globally regarding identity, permissions, and directory access issues.
- Documentation: Maintain runbooks, standard operating procedures (SOPs), and knowledge base articles for AD support and administration.
Requirements:
- Bachelor's degree in Computer Science, IT, or related field (or equivalent experience).
- Engineer: 1-2 years; Senior Engineer: 2-4 years; Associate Lead: 4-6 years; Lead: 6-8 years of experience developing production enterprise applications.
- Solid foundational understanding of Active Directory architecture (Domains, Forests, OUs, Sites and Services).
- Experience with Active Directory Users and Computers (ADUC), DNS, and Group Policy Management Console (GPMC).
- Familiarity with navigating and managing GUI-less environments (Windows Server Core) using command-line tools and PowerShell.
- Foundational understanding of Public Key Infrastructure (PKI) concepts, including Certificate Authorities (CAs), digital certificates, and encryption basics.
- Understanding of core authentication protocols (Kerberos, LDAP, NTLM).
- Intermediate experience using PowerShell (specifically the ActiveDirectory module) to query directory objects, parse event logs, and execute administrative commands.
- Strong logical troubleshooting skills with a focus on identity, permissions, and access rights.
- Excellent communication skills for collaborating with global remote teams and guiding Field Support.
- Willingness to work in rotational shifts/on-call.
Preferred:
- Familiarity with Microsoft Entra ID (Azure AD), AD Connect, and Hybrid Azure AD join scenarios.
- Ability to read, modify, and write basic PowerShell scripts to streamline repetitive identity management workflows and assist with bulk provisioning/deprovisioning.
- Experience managing and maintaining remote Domain Controllers running on Windows Server Core.
- Hands-on experience administering Microsoft AD CS and troubleshooting certificate-based authentication (e.g., LDAPS, 802.1X, VPN auth).
- Basic understanding of Linux identity integration (SSSD, Realmd, Winbind) for binding non-Windows machines to AD.
- Knowledge of enterprise identity integration with cloud platforms (AWS Directory Service, GCP Cloud Identity, SSO).
- Experience troubleshooting GPO application issues (using gpresult, RSOP).
- Relevant Microsoft certifications (e.g., SC-300: Identity and Access Administrator, AZ-800, or foundational MS-900/SC-900).
- Familiarity with Privileged Access Management (PAM) or Just-in-Time (JIT) access concepts.
- Experience with IT service management (ITSM) tools like ServiceNow.
- ITIL Foundation certification.
Sysco LABS is an Equal Opportunity Employer.