Subject Matter Expert - Active Directory and Entra ID

SME for Active Directory & Entra ID

Department

None

Job Description

Job Location: Mumbai (work from office)

Exp: 6-7 years

Payroll: Quess (Client Crisil ltd)

Active Directory Fundamentals

In-depth understanding of:
DC Locator process
Kerberos authentication process
NTLM authentication process
AD replication and its components (High Watermark, UTC Table, Invocation ID, GUID, etc.)
Group Policy components and Group Policy Engine
AD trusts and their usage
AD security concepts

Migration and Transition (DC, DHCP & DNS)

Hands-on experience with transition and migration-related activities
End-to-end knowledge of Domain Controller upgrade process

Troubleshooting Skills

Strong troubleshooting skills in:
Kerberos
NTLM
Time sync
Lingering objects
Replication issues

Directory Services

Proficient in:
LDAP
Global Catalog
SPNs

Scripting and Automation

Good command of PowerShell scripting

Advanced Active Directory Concepts

Detailed understanding of:
SID filtering
SID quarantine
Selective authentication
Strict replication
Metadata cleanup process and requirements

Replication and Group Policy

In-depth knowledge of:
AD replication and its components (High Watermark, UTC Table, Invocation ID, GUID, etc.)
FRS and DFSR
Thorough knowledge of Group Policy processing

Windows Time Synchronization Configuration

NTP Server Setup: Configure and manage Network Time Protocol (NTP) servers to provide accurate time synchronization.
Client Configuration: Set up client devices to synchronize with the NTP server.
Stratum Management: Ensure NTP servers are configured with appropriate stratum levels for optimal accuracy.
Time Source Selection: Choose reliable time sources, such as external time servers or GPS.
Leap Second Handling: Implement mechanisms to handle leap seconds and prevent time discontinuities.
Security Configuration: Secure NTP servers against unauthorized access and tampering.
Monitoring and Logging: Monitor NTP server performance and log synchronization events.
Troubleshooting: Diagnose and resolve time synchronization issues, such as clock drift and synchronization failures.

Domain Name System (DNS)

DNS Server Configuration: Set up and manage DNS servers to resolve domain names to IP addresses.
Zone Management: Create and manage DNS zones, including primary and secondary zones.
Record Management: Maintain DNS records (A, AAAA, CNAME, MX, etc.) for accurate name resolution.
Dynamic Updates: Implement dynamic DNS updates for automated record management.
Failover and Load Balancing: Implement DNS failover and load balancing for high availability.
Security and Compliance: Protect against DNS-based attacks (e.g., DDoS, DNS spoofing).
Monitoring and Troubleshooting: Monitor DNS services and resolve name resolution issues.

Problem Analysis and Documentation

RCA (Root Cause Analysis) preparing skills
Documentation skills

Disaster Recovery and Backup

Knowledge of:
Disaster recovery
AD backup and restore concepts, process, and different ways

Dynamic Host Configuration Protocol (DHCP)

DHCP Server Configuration: Automate IP address assignment.
Scope Management: Manage address pools and lease durations.
Reservation Management: Ensure consistent IP for specific devices.
Failover and Load Balancing: Implement high availability.
Lease Monitoring: Optimize IP address usage.
Security and Compliance: Protect against unauthorized access.
Troubleshooting: Resolve IP conflicts and connectivity issues.

Public Key Infrastructure (PKI)

CA Deployment and Management: Issue and manage digital certificates.
Certificate Templates: Create templates for various uses.
Certificate Enrollment: Implement enrollment processes.
Certificate Revocation: Manage revocation lists.
Key Management: Securely manage private keys.
PKI Integration: Integrate with security solutions.
Policy Management: Enforce PKI policies and compliance.
Monitoring and Auditing: Monitor PKI security and performance.
Troubleshooting: Resolve certificate and key issues.

Active Directory Federation Services (ADFS)

Federation Configuration: Design and manage ADFS for SSO.
Claims-Based Authentication: Configure secure authentication policies.
Trust Relationships: Establish and maintain trust with partners.
Token Signing Certificates: Manage certificates for token security.
ADFS Integration: Integrate with other identity solutions.
Monitoring and Troubleshooting: Ensure ADFS performance and resolve issues.

Microsoft Intune

Device Management: Enroll and manage devices (mobile, desktop, and IOS) using Intune's MDM and MAM capabilities.
Policy Configuration: Create and enforce device compliance policies, configuration profiles, and security baselines.
Application Management: Deploy, update, and manage applications across various platforms.
Conditional Access: Implement conditional access policies to control access to corporate resources based on device compliance and user risk.
Endpoint Security: Understand endpoint security settings, including antivirus, firewall, and threat protection.
Remote Actions: Perform remote actions like wiping, locking, or resetting device passcodes.
Monitoring and Reporting: Monitor device status, compliance, and security events, and generate reports for insights.
Integration: Integrate Intune with other Microsoft 365 services and third-party solutions for enhanced functionality.
User Support: Provide user support for device enrollment, policy compliance, and application issues.

Expertise on Identity & Access Management – Entra ID

Microsoft Entra ID (Azure Active Directory): Configure and manage Azure AD for user authentication, authorization, and directory services.
Microsoft Entra External ID: Set up and manage external identities for partner collaboration and customer access.
Microsoft Entra ID Governance: Implement identity governance features for access reviews, entitlement management, and lifecycle workflows.
Microsoft Entra ID Protection: Configure and monitor identity protection policies to detect and mitigate identity-based risks.
Microsoft Entra Internet Access: Manage access to internet resources and applications through secure gateways.
Microsoft Entra Private Access: Secure access to private networks and resources using VPN and other secure connectivity solutions.
Microsoft Entra Permissions Management: Manage and audit permissions across applications and services to ensure least privilege access.
Microsoft Entra Verified ID: Implement verified ID solutions for enhanced identity verification and trust.
Microsoft Entra Workload ID: Manage and assign identities specifically for workloads and applications within Microsoft Entra.
Microsoft Entra Domain Services: Provide managed domain services for legacy applications and seamless integration with Azure AD.
Azure Key Vault: Securely store and manage cryptographic keys, secrets, and certificates.

Key Responsibilities:

Policy Configuration: Develop and enforce identity and access management policies across all Entra services.
User and Group Management: Manage user accounts, groups, and roles for efficient access control.
Security Monitoring: Monitor identity and access activities for anomalies and potential security threats.
Compliance and Auditing: Ensure compliance with regulatory standards and conduct regular audits of identity and access configurations.
Integration: Integrate Entra services with other Microsoft and third-party solutions for comprehensive identity and access management.
User Support: Provide support for identity and access-related issues, ensuring a smooth user experience.
Documentation: Maintain detailed documentation of identity and access management configurations, policies, and procedures.

Open Positions

None

Mandatory Skills

Active Directory, Entra ID, Windows Active Directory, DNS, DHCP Management, Identity Access Management

Education Qualification

Graduation

Experience

6 to 7 years