The Windows Active Directory Engineer is responsible for stabilizing, securing, and modernizing the enterprise Active Directory environment, with a strong focus on directory cleanup, identity hygiene, replication health, and security hardening. This role ensures AD remains healthy, compliant, resilient, and aligned with Zero Trust identity principles across on-prem and hybrid cloud environments.
Key Responsibilities

1. Active Directory Cleanup & Optimization
∙ Perform comprehensive AD cleanup, including stale objects, unused OUs, orphaned SIDs, legacy GPOs, and deprecated configurations.
∙ Normalize and restructure the OU hierarchy, naming standards, and attribute consistency.
∙ Identify and remediate duplicate SPNs, conflicting UPNs, and misconfigured service accounts.
∙ Clean up old domain controllers, decommission legacy forests/domains, and remove deprecated trust relationships.
∙ Conduct ACL cleanup to eliminate excessive permissions and privilege creep.
2. AD Security Hardening & Identity Protection
∙ Implement CIS/NIST/Microsoft security baselines for domain controllers and AD objects.
∙ Harden authentication by reducing NTLM usage, enforcing Kerberos protections, and implementing authentication policies/silos.
∙ Deploy and maintain Privileged Access Workstations (PAW) and a tiered admin model (Tier 0/1/2).
∙ Remediate identity vulnerabilities such as DCSync exposure, unconstrained delegation, Golden Ticket risks, and weak ACLs.
∙ Integrate AD logs with SIEM platforms (Sentinel, Splunk, QRadar) for continuous monitoring.
∙ Implement secure service account management, including gMSA adoption and rotation policies.
3. AD Replication Health & Domain Controller Management
∙ Monitor and maintain the AD replication topology, site links, and intersite connectivity.
∙ Troubleshoot replication failures (USN rollback, lingering objects, tombstone issues).
∙ Perform authoritative and non-authoritative restores as needed.
∙ Ensure domain controllers are patched, hardened, and compliant with security standards.
∙ Validate SYSVOL health (DFSR), replication convergence, and GPO consistency.
4. Group Policy Management & Cleanup
∙ Audit and clean up legacy, conflicting, or redundant GPOs.
∙ Standardize GPO structure, naming, and versioning.
∙ Implement GPO security baselines for servers, workstations, and privileged accounts.
∙ Troubleshoot GPO processing issues and configuration drift.

5. Hybrid Identity & Azure AD (Entra ID) Integration
∙ Support and optimize Azure AD Connect sync, attribute flows, and identity lifecycle.
∙ Remediate sync errors, duplicate identities, and hybrid identity conflicts.
∙ Implement Conditional Access, MFA enforcement, and modern authentication policies.
∙ Support migration toward Zero Trust identity and passwordless authentication.

6. Documentation, Governance & Continuous Improvement
∙ Maintain detailed documentation of AD topology, GPOs, replication, and security configurations.
∙ Develop identity governance standards, naming conventions, and lifecycle processes.
∙ Provide recommendations for AD modernization, consolidation, and long-term stability.
∙ Participate in audits, compliance reviews, and security assessments.
Required Skills & Experience
∙ 5–10+ years of hands-on experience with Active Directory, DNS, DHCP, GPO, and Windows Server.
∙ Deep expertise in AD cleanup, replication troubleshooting, and security hardening.
∙ Strong PowerShell skills for automation and bulk remediation.
∙ Experience with Azure AD / Entra ID, hybrid identity, and Azure AD Connect.
∙ Familiarity with SIEM, identity threat detection, and AD attack paths.
∙ Understanding of Kerberos, NTLM, LDAP, SAML, OAuth, and modern authentication.

Preferred Qualifications
∙ Knowledge of Red Forest / ESAE, the Tiered Admin Model, and Zero Trust identity.
∙ Certifications: Microsoft Identity & Access Administrator (SC-300), Azure Administrator
Prasad
AB Tech Solutions
1604 Spring Hill Road, Suite 208, Vienna, VA 22182