Active Directory L3 Engineer

Job Summary:

We are looking for a highly skilled Active Directory L3 Engineer with strong expertise in AD (On-Premises), DNS, and ADFS. The candidate will be responsible for managing enterprise directory services, handling complex escalations, and ensuring secure, highly available identity infrastructure

Key Responsibilities:

• Provide Level 3 support for Active Directory, including critical incident handling and root cause analysis
• Manage and maintain Active Directory Domain Services (AD DS) in enterprise environments
• Troubleshoot AD replication issues, including: Replication failures, Lingering objects, Metadata cleanup
• Monitor and validate AD health using tools such as: DCDiag, Repadmin
• Manage and support DNS infrastructure integrated with Active Directory, including: DNS zones and records (A, PTR, CNAME, MX, SRV, TXT), DNS scavenging and aging, Name resolution troubleshooting
• Implement and support ADFS (Active Directory Federation Services) for Single Sign-On (SSO), Claims-based authentication
• Administer and troubleshoot Group Policy Objects (GPOs)
• Manage FSMO roles, domain controllers, and AD topology
• Support Kerberos authentication, security configurations, and troubleshooting
• Perform AD security hardening, including: iered administration, Privileged access management, MFA integration
• Handle disaster recovery and backup strategies for AD and DNS
• Collaborate with cloud teams for Azure AD / Hybrid Identity integration
• Create and maintain SOPs, KB articles, and documentation
• Mentor L1/L2 engineers and support knowledge transfer

Required Skills:

• Strong hands-on experience in: Active Directory L3 Support (On-Premises), DNS (AD-integrated DNS is mandatory), ADFS (SSO and Federation)
• Deep understanding of: FSMO roles and AD architecture, AD replication and troubleshooting, Kerberos authentication and encryption, Password security and hash-related attacks
• Strong knowledge of DNS concepts, including: Record types (A, PTR, CNAME, MX, SRV, TXT), DNS scavenging and aging & DNS troubleshooting in AD environments

Good to Have:

• Experience with Azure AD / Entra ID
• Knowledge of: Anchor ID (Immutable ID, msDS-ConsistencyGUID), Hybrid identity setup
• Basic to intermediate knowledge of: PKI (Public Key Infrastructure), Identity security best practices
• Experience in: AD migrations (FRS to DFSR, domain upgrades), Large enterprise environments