Active Directory Access Control
Resume:
Sweta T
***********@*****.***
PROFILE SUMMARY
MCSE-certified Active Directory Engineer with 8+ years of experience in designing, deploying, and managing secure, scalable AD environments. Proficient in AD DS, Group Policy, DNS, DHCP, and Azure Entra integration, IAM, with expertise in security hardening, disaster recovery, and role-based access control (RBAC). Strong troubleshooting skills, leveraging PowerShell automation to streamline AD management and optimize efficiency. Adept at implementing best practices for security, compliance, and performance tuning to enhance enterprise IT operations.
Core Competencies Azure Proficiency
•On Prem AD and Azure AD
•Azure AD Connect
•Active Directory 2008, 2012, 2016 Design, Consulting, Administration and Migration
•Multi Forest AD and Trusts
•AD GPO Deployment.
•DHCP, ADCS(PKI), DNS Design, Consulting, Administration and Migration
•Office 365, ADFS Exchange 2003, 2007, 2010, 2013 and 2016 Design, Consulting, Administration and Migration
•Azure AD and traditional on prem AD
•Conditional Access and Group Policy
•Azure virtual machines provision
•Azure storage and backup
•Azure Site Recovery and Azure Replication
•Azure app client secret key enable and renewal
•Azure AD connect Configuration and Management
•Azure AD user management
•Azure VM patching
TECHNICAL SKILLS:
•Solid knowledge of Microsoft Domain Controller Server 2008 R2/ 2008/ 2012/ 2012 R2/ 2016/ 2019/ 2022.
•Active Directory Domain Services (AD DS) – Design, deployment, and maintenance of multi-domain forests and trusts
•Group Policy Management (GPOs) – Creating, enforcing, and troubleshooting policies for security & compliance
•Domain Name System (DNS) & Dynamic Host Configuration Protocol (DHCP) – Configuration and troubleshooting
•Kerberos & NTLM Authentication – Understanding authentication protocols and security enhancements
•FSMO Roles & Replication – Managing and optimizing AD roles for performance and redundancy
•Security & Compliance:
Role-Based Access Control (RBAC) – Implementing least privilege and access management strategies
Identity & Access Management (IAM) – Securing user identities and implementing MFA, SSO
Active Directory Hardening – Implementing security baselines, auditing, and monitoring
Privileged Access Management (PAM) – Using tools like Microsoft Identity Manager (MIM) & Just-In-Time (JIT) access
•Cloud & Hybrid Integration:
Azure Entra ID (Azure AD) – Syncing, managing hybrid identity, and securing cloud authentication
Azure AD Connect & ADFS – Managing identity synchronization and authentication
Conditional Access Policies – Enforcing security controls in cloud environments
Microsoft 365 & Exchange Integration – Managing identity and authentication for cloud services
•Automation & Scripting:
PowerShell Scripting – Automating AD tasks, user provisioning, and compliance checks
Infrastructure as Code (IaC) – Using Terraform, Ansible for AD infrastructure automation
REST APIs & Graph API – Integrating with Azure AD and Microsoft services
•Disaster Recovery & Performance Optimization:
Backup & Restore Strategies – AD recovery using Veeam, AD Recycle Bin, authoritative/non-authoritative restores
Troubleshooting & Performance Tuning – Identifying and resolving AD replication, authentication, and GPO issues
EMPLOYMENT DETAILS:
Active Directory Engineer 06/2021 - 09/2023
Client: Microsoft
Concentrix, Pune – Maharashtra, India.
Responsibilities:
•Administration level knowledge of Microsoft Operating Systems, Microsoft Azure Active Directory, Office 365, and Windows Operating Systems.
•Administration of Windows Server 2012 R2 / 2016 / 2019 / 2022.
•Extensive experience with Active Directory GPO’s, AD Schema, OU's, Forests, Sites, DHCP, DNS, firewalls, LAN/WAN switching and Backup & Recovery, File & Print Server, IIS (Web Server), FTP, Terminal Server.
•Hands-on experience with provisioning and managing Azure Active Directory like Identity Access Management (IAM), Privilege Identity Management (PIM), Multi Factor Authentication (MFA), Conditional Access, AD connect services, Azure AD integration and IAM services, Access Control/Authorization, RBAC.
•Expertise in Migration Using Quest Migration Manager Tool for Active Directory.
•Provide support for high-priority issues and perform in-depth technical root cause analysis.
•Strong exposure to utilizing PowerShell in management of systems.
•Experienced in performing vulnerability remediation including reviewing the scan results, developing, and implementing fixes, etc.
•To configure and manage Active Directory Integrated DNS Zone in Windows Server.
•Manage Windows web services and general Windows server configurations, including patch installation and web server security.
•Scripting to automate redundant tasks.
•Design, implement, and support AD environments, monitor performance, and troubleshoot ADDS issues like AD replication, DFS Replication.
•To create and manage OU, Users and Groups on Active Directory.
•To create and link group policy object in Windows Server.
•Maintain and manage Citrix applications, publish content and desktops to users, and gather requirements from business users
•To configure Account Lockout Policies & Fine Grained Password Policies.
•To backup, restore and import Group Policy Objects in Windows Server.
•To create and manage Active Directory Sites and Subnets in Windows Server.
•To configure Active Directory Replication and Site Link in Windows Server.
•Troubleshooting and fixing any technical issues related to Kerberos authentication and NTLM authentication including multiple account lockouts domain and forest wide.
•To configure and manage Active Directory Integrated DNS Zone in Windows Server.
•To create and manage user accounts in Azure Active Directory.
•To create Bulk User Accounts in Azure AD using CSV File.
•Worked extensively with Active Directory services, Citrix Delivery Service Console, Group Policy Management & Computer Management. Managing the Active Directory for Virtual Desktops with User Permissions.
•Support on-premises Active Directory with O365 (DirSync).
•To assign Azure AD Roles to User or Group using Azure AD Portal.
•To configure Default User Permissions, External Collaboration Settings in Azure AD.
•To create and manage Static and Dynamic Groups in Azure Active Directory.
•To change Static Group Membership to Dynamic in Azure AD.
•To setup Self-service Group Management in Azure Active Directory.
•To add and manage Guest User Accounts in Azure Active Directory.
•To setup Email One-time Passcode Authentication for Guest User in Azure AD.
•To create Dynamic Group for all Guest Users in Azure AD.
•Maintaining and managing Citrix applications
•To configure the Expiration Policy for Microsoft 365 Groups in Azure AD.
•To assign License to User and Group in Azure AD.
•Installing monthly Windows patches using SCCM
•Coordinating, implementing, and communicating any system changes that are to be made
•Deploy software update on Windows servers and client machines
•Rolling out Windows 11 on all client machines
•Train users and employees on how to use Citrix applications
•Installing and optimizing Windows server environment
•Configuring MDM, authenticator on mobile devices for users
Active Directory Specialist 04/2019 - 06/2021
Client - Intel
Infosys, Pvt LTD. Pune, Maharashtra
Responsibilities:
•Support multiple AD forests, including multiple domains multiple forest infrastructure, running On premise as well as Microsoft Azure Platform.
•Implemented and maintain the physical hardware and virtual infrastructure using Virtual Center Server v5.5 and 6.0 with a mixture of ESXi 5.5/6.0/6.5 consisting of 600 physical hosts with 6000-7500 virtual machines.
•Experience in AD migrations using Quest Migration Manager.
•Manage Active Directory users, groups, access, GPO and Organizational Units in different domains and maintaining their permissions and delegation of permissions.
•Create, delete, and disable user accounts in Azure AD.
•Reset user passwords and manage password policies.
•Update user profile information, such as name, contact details, and job title.
•Utilize Azure AD Privileged Identity Management to manage and control privileged access to Azure AD resources.
•Assign and revoke user licenses for Azure AD-integrated services.
•Enable and configure multi-factor authentication (MFA) for user accounts.
•Patch management review via Power Shell script to discovered current patch status and deploy patches to effected systems, implemented Windows Update Services (WSUS) to schedule updates.
•Disaster Recovery planning of VMware environment using VMware Site Recovery Manager (SRM) and other manual replication methods such as storage replication and snapshots followed by fail-over testing and validation.
•Work with developer to troubleshoot LDAP connection to query multiple AD domains.
•Experienced in Active Directory GPO, experience rolling out and modifying GPOs down to the sub level.
•Responsible for configuring Advanced Server 2012R2/2016/2019/2022 services.
•Install, configure, test, and maintain operating systems, application software, and management tools.
•Manage user profiles in the cloud to ensure a consistent experience
•Create and maintain documentation and procedures for Windows Active Directory and Server engineering/administration.
•Create Active Directory users, OU groups, and understand how to apply NTFS and share level permissions.
•Skilled in PowerShell scripting and automation.
•To configure Secondary DNS Server and a DNS Stub Zone in Windows Server.
•To configure DNS Forwarder and Conditional Forwarder in Windows Server.
•To configure DNS Aging and Scavenging in Windows Server.
•To backup and restore Active Directory Integrated DNS Zones.
•To create and manage DHCP scopes in Windows Server.
•To configure DHCP Fail-over on Windows Server.
•To install and configure DFS Namespaces, DFS Replication in Windows Server.
•Created the user accounts and profiles, assigned permissions using Active Directory, a directory service which contains information of all user accounts and which optimizes the network traffic. It provides the user logon and authentication services using Kerberos.
•Analyzing server logs, diagnosing issues, and troubleshooting server and application-related problems. Implementing proactive monitoring and alerting mechanisms.
•Deployed O365 to all workstations and configured it for all users in the organization via O365 online.
•Work with Vendors like HP, IBM, DELL and Microsoft for hardware support, replacement upgrade and Cloud subscriptions.
•Proactive monitoring and maintenance of the virtual machines running in Cloud Platforms like Microsoft Azure like New Relic and Dynatrace.
•Perform all Services in Compliance with Walgreens Processes (IT IL) which includes Change Management, Incidents, Service Requests & Problem Management (BMC Remedy/Jira).
•Detailed analysis to understand requirements, getting approval from CAB, implement changes, review system performance to detect and resolve issues during deployment, document changes.
System Admin 08/2017 - 03/2019
Global Talent Track
Client: Global Talent Track
Responsibilities:
•Installation, Configuration, and Administration of Windows Servers and Domain Controllers.
•Involved in maintaining the Active Directory Objects and GPO management.
•Involved in Domain Consolidation within Forest.
•Manage and administer all aspects of user account management such as password, group, and privilege management for user access across entire domain
•Supports both local and remote end users by troubleshooting/researching daily issues, deploying systems, and tracking assets
•Addresses work requests in accordance with established service level commitments
•Establish/manage remote access for users through RDP connections
•Manage and maintain a smooth operation of workstations while working with network, software, and hardware engineers that are remote and on site.
•Deep knowledge of Wintel platforms, and Domain, PDC, DNS, WINS, DHCP
•Supporting and managing Windows 2008 / 2012 / 2016 solutions and configurations including strong knowledge of Windows Active Directory
•Perform server related regular operational tasks on the infrastructure across the team’s managed locations
•Troubleshooting MS Outlook mail flow issues
•Manage Exchange Online users, manage recipients - create, modify, delete, shared mailbox, recover deleted emails
•Create Active Directory users, OU groups, and understand how to apply NTFS and share level permissions.
•Managing AD(DSRM and System State Backup) and AD databases/ Backups/ Repair/ Recovery.
EDUCATION
•Bachelor of Computer Science and Engineering from GH Raisoni Academy of Engineering and Technology Nagpur, Maharashtra, India. (Nagpur University, 2014-2017).
•Diploma from Government Residential Womens Polytechnic Yavatmal, Maharashtra(MSBTE,2011-2014)
Contact this candidate