Talent Pool - Active Directory (Engineer/Snr Engineer/Associate Technical Lead/ Technical Lead)

JOB DESCRIPTION Talent Pool - Active Directory (Engineer/Snr Engineer/Associate Technical Lead/ Technical Lead) Location: Sri Lanka Employment Type: Full-Time About the Role Join our newly established Active Directory Support Team as an Active Directory Administrator. You'll be part of a 5-member team dedicated to managing and supporting our enterprise identity and directory services across multiple global domains. You will play a crucial role in ensuring secure and seamless authentication for our global workforce. Note: This role provides 16 hours of daily support (8 hours on-desk, 5 days a week, and 8 hours on-call on a rotational roster). Our Identity Environment: Hybrid Directory Services: Global On-Premises Active Directory forests integrated with Microsoft Entra ID (formerly Azure AD). Authentication & Access: Kerberos, NTLM, LDAP/S, SAML, and Oauth integrations across Windows, Linux, and multi-cloud platforms (Azure, AWS, GCP). Endpoint Integration: Windows and Linux endpoints (workstations, laptops, mobile) domain-joined or hybrid-joined globally. Collaborative Support Model: Working closely as the Identity Subject Matter Experts (SME) alongside local IT and Field Support teams worldwide. What You'll Do Directory Administration: Manage Active Directory objects (Users, Computers, Groups, Service Accounts) and Organizational Units (OUs) following best practices. Authentication Support: Troubleshoot complex authentication and domain-join issues for endpoints (Windows/Linux) and applications utilizing Kerberos, NTLM, and LDAP. Server Core Administration: Support and troubleshoot Domain Controllers deployed on Windows Server Core, utilizing Remote Server Administration Tools (RSAT), Windows Admin Center, and command-line interfaces for daily maintenance. Group Policy Management: Assist in the creation, deployment, and troubleshooting of Group Policy Objects (GPOs) to enforce security baselines and configure endpoints. AD Health & Monitoring: Monitor AD replication, Domain Controller health, and Directory Services event logs (using tools like dcdiag and repadmin). Directory Automation & Reporting: Utilize PowerShell scripting to automate routine identity tasks, execute bulk object updates (users, groups, computers), and generate directory audit reports. Hybrid Identity Operations: Support Entra ID (Azure AD) sync operations (AAD Connect) and troubleshoot hybrid-join device scenarios. Cross-Platform Auth: Assist with Linux domain integration (SSSD, Realmd) and authentication troubleshooting for cross-platform endpoints. PKI & Certificate Management: Support Active Directory Certificate Services (AD CS) operations, including processing Certificate Signing Requests (CSRs), managing certificate templates, and troubleshooting client auto-enrollment issues for endpoints and servers. DNS & DHCP: Manage and troubleshoot DNS records and zones, as they relate to domain health and client connectivity. Tier 2/3 Support: Act as an escalation point for Field Support teams globally regarding identity, permissions, and directory access issues. Documentation: Maintain runbooks, standard operating procedures (SOPs), and knowledge base articles for AD support and administration. Requirements: Bachelor's degree in Computer Science, IT, or related field (or equivalent experience). for Engineer - 1-2 Years, for Senior Engineer 2-4 Years, Associate Lead - 4-6 Years and for Lead  6-8 years of experience developing production enterprise applications Solid foundational understanding of Active Directory architecture (Domains, Forests, OUs, Sites and Services). Experience with Active Directory Users and Computers (ADUC), DNS, and Group Policy Management Console (GPMC). Familiarity with navigating and managing GUI-less environments (Windows Server Core) using command-line tools and PowerShell. Foundational understanding of Public Key Infrastructure (PKI) concepts, including Certificate Authorities (CAs), digital certificates, and encryption basics. Understanding of core authentication protocols (Kerberos, LDAP, NTLM). Intermediate experience using PowerShell (specifically the ActiveDirectory module) to query directory objects, parse event logs, and execute administrative commands. Strong logical troubleshooting skills with a focus on identity, permissions, and access rights. Excellent communication skills for collaborating with global remote teams and guiding Field Support. Willingness to work in rotational shifts/on-call. Preferred: Familiarity with Microsoft Entra ID (Azure AD), AD Connect, and Hybrid Azure AD join scenarios. Ability to read, modify, and write basic PowerShell scripts to streamline repetitive identity management workflows and assist with bulk provisioning/deprovisioning. Experience managing and maintaining remote Domain Controllers running on Windows Server Core. Hands-on experience administering Microsoft AD CS and troubleshooting certificate-based authentication (e.g., LDAPS, 802.1x, VPN auth). Basic understanding of Linux identity integration (SSSD, Realmd, Winbind) for binding non-Windows machines to AD. Knowledge of enterprise identity integration with cloud platforms (AWS Directory Service, GCP Cloud Identity, SSO). Experience troubleshooting GPO application issues (using gpresult, RSOP). Relevant Microsoft certifications (e.g., SC-300: Identity and Access Administrator, AZ-800, or foundational MS-900/SC-900). Familiarity with Privileged Access Management (PAM) or Just-in-Time (JIT) access concepts. Experience with IT service management (ITSM) tools like ServiceNow. ITIL Foundation certification. Benefits: US dollar-linked compensation Performance rewards and recognition Agile Benefits - special allowances for Health, Wellness & Academic purposes Paid birthday leave Team engagement allowance Comprehensive Health & Life Insurance Cover - extendable to parents and in-laws Overseas travel opportunities and exposure to client environments Hybrid work arrangement Sysco LABS is an Equal Opportunity Employer.