Active Directory Server Administration
Resume:
Christopher N. Nguyen
SUMMARY:
**+ years of successful experience designing, managing, migrating, and supporting IT networks/systems consisting of Windows 2012/2016/2019 R2 Server, Exchange 2016/2019, Active Directory, DHCP, WINS, DNS and SCCM, Commvault Backup and Recovery, F5 Big-IP LTM/GTM, Citrix NetScaler, Citrix Presentation/XenApp, and EMC SAN/NAS Enterprise Storage, Cisco UCS B200 M Blade ;VMware vCSA/vSphere Esxi 7.0/8.0.
Expertise in Windows /2016/2019 Administration, Active Directory Administration, and Administration, GPO Admin, Exchange 2016/2019, Commvault Backup; SQL Server Administration, Web Server Administration, VMware vCenter/vSphere 6.0/6.5/7.0/8.0 Administration, also VMware AirWatch and IBM Maas360
Provided support, implementation, and design services for Microsoft Azure core services as well as AD (Entra ID), including directory and identity management solutions. Resolved completed assigned tasks and change requests and acts as an escalation for support issues. Applies new solutions through research and collaboration with the team and determines a course of action for new application initiatives.
Implemented new software solutions as required by the business, the core infrastructure technology duties include Microsoft Azure AD (Entra ID), Azure AD Connect, ADFS, Azure Key Vault, and policy configuration.
Utilized FISMA compliance to implement enterprise-wide security controls based on NIST guidelines, such as NIST SP 800-53, Federal Information Processing Standards (FIPS) 199, and FIPS 200
EDUCATION:
Northern Virginia Community College, Annandale, VA
Computer Science & General Studies
Certifications: MCSE; MCP; VCP; ITILv3
TECHNICAL SKILLS
Server and Storage hardware (Cisco UCS, HP, NetApp, Nutanix, Pure Storage)
Microsoft Windows Server platforms and services (Active Directory, DNS, DHCP, PKI, PowerShell)
System Management (Microsoft Systems Center, SolarWinds, SCCM/MECM, Dynatrace)
Knowledge of Web Access Management and SSO technologies (SAML, OAuth and Okta)
Virtualization and Cloud (VMware, Citrix, Hyper-V, Azure)
Identity and Access Management (Active Directory, FIM/MIM, SSO/ADFS)
Enterprise Backup and Disaster Recovery (vSphere Data Protection, Site Recovery Manager, Commvault)
Enterprise Messaging (Exchange, M/Office 365)
System Security (Intune, Defender, vulnerability assessment and remediation, Anti-Virus, Host-based Firewall)
Web Server platforms (IIS, Apache, SharePoint)
PROFESSIONAL EXPERIENCE:
General Dynamics Information Technology – (Intelligence and Homeland Security Division; Priority Telecommunications Services (PTS); ECD; DHS; CISA)
Sr. Systems Administrator February 2022-Present
Monitoring and managing infrastructure and security in the Azure Government Cloud using the Network Operations Center (NOC) and the Security Operations Center (SOC).
Maintained daily operations, monitoring, problem identification/resolution of VMware server/systems (vCenter 8.0/vSphere 7/8.), applications, and analyzing activity and performance ensuring system/application is providing optimum performance and availability.
Deployed and optimized Azure Infrastructure resources, such as Virtual Machine Scale Sets, Availability Sets, Network Security Groups, Storage Accounts, Managed Disks, and Azure Site Recovery
Accountable patching, imaging, application develop, and as required architect and design using the Microsoft System Center Configuration Manager (SCCM) or currently known as Microsoft Endpoint Configuration Manager (MECM)
Administered/maintained Active Directory Forest domain which included creating and configuring users, computers and groups as well as determining group policy pushes down to domain user groups
Managed Azure Entra ID, Group Policy, Sites and Services, Active Directory Connect, Federation, NTFS Permissions, DHCP, DNS
Utilized Intune for device provisioning, software and policy installation/configuration, as well as operations and maintenance of device management.
Implemented Microsoft Windows automation scripting with PowerShell and Graph managing Azure/M365
System Administration for Microsoft Azure environment and managing cloud services including Azure Entra, Policies, Storage, VMs, Web Services, NSGs, DNS, GPO Management, and Microsoft Defender,
Provided schedule and PTS in support of ECD required approvals and respond to requests for data and clarifications in a time frame that supports the required schedule.
Maintained PTS applications in the Azure Government cloud which sent all outbound emails to a DHS Proofpoint relay server for it to route to the destination mailbox within or external to DHS.
Utilized incident management and change management processes via ServiceNow to implement and process change requests for PTS OSS applications combine user acceptance testing for its internal users with that for ECD users.
Supported ongoing data transfers between the PTS OSS and the GETS and WPS service providers using SFTP server (MoveIT) in the Azure Government Cloud in coordinating with the service providers to implement configuration changes for subscription and provisioning of data sharing.
Ensured that all the necessary accounts are created and confirm that the SFTP server is available and accessible from the service provider network.
Implemented and maintained additional testing in Azure to confirm a successful version update before opening end user access to the live production PTS OSS in Azure. Created technical cutover plan, including a well-defined timeline and schedule of cutover activities, and communications plan, and use it to execute this task.
Monitoring and managing systems that operate through VMware services to include vSphere and vCenter, also included installing and maintaining virtual servers, troubleshooting technical problems, and developing and maintaining backup procedures.
ZantechIT Services – (U.S Department of Commerce- Bureau of Economic Analysis)
Lead Systems Administrator March 2017-Januaury 2022
Provided onsite within data center located in Bowie, MD and client/customer at Federal Suitland Center for all BEA region wide
Regularly apply patches on EXSi hosts, in using DRS groups and rules to keep critical VMS (AD, DNS and KMS) on designated EXSi hosts.
Effectively used vmotion to live migrate virtual machines from one host to another and of live migration of virtual machines between different clusters within the same vCenter Server.
Administered and maintained Microsoft Exchange 2016/2019/O365/M365
Deployed and optimized Azure Infrastructure resources, such as Virtual Machine Scale Sets, Availability Sets, Network Security Groups, Storage Accounts, Managed Disks, and Azure Site Recovery
Utilized Nutanix in HCI to enable seamless access to virtual apps and desktops for Citrix Virtual Apps and desktops
Utilized Nutanix NDFS, in in client-server communication onto vSphere hosts that reduces high latency hops between switches in NFS data paths.
Made effectively in device provisioning, software and policy installation/configuration, operations, and maintenance of device management infrastructure using Intune from Maas360.
Managed iOS and Android set up enrollment and deploy apps and policies to users and devices, this included device provisioning for new and existing devices using Windows Autopilot, configuration of device-based policies, applications, services, settings in accordance with standards and project/operational requirements.
Configured for all iOS and Android policies and features, which included secure authentication and deploying apps
Accountable patching, imaging, application develop, and as required architect and design using the Microsoft System Center Configuration Manager (SCCM) or currently known as Microsoft Endpoint Configuration Manager (MECM)
Utilized SCCM to deploy Windows Servers and Windows 10, patch/update servers/desktops to deploy applications.
Installed SCCM site servers and site server roles and configuring SCCM boundaries and boundary groups
Utilized Intune for device provisioning, software and policy installation/configuration, as well as operations and maintenance of device management.
Installed and implemented Okta Access Gateway for securing access to on-prem apps and protecting hybrid cloud infrastructure integrated Okta SSO for more than 150 applications with MFA enabled at Okta level and app-level
Integrated various applications like Splunk, WorkspaceOne, BOX, Webex and Teams which used varying API tokens for cross platform applications.
Configured SCCM operating system deployment task sequences (or equivalent experience with MDT/WDS) and leveraged SCCM to provide security updates, cumulative rollups, hotfixes, and other updates as necessary to workstations and servers.
Maintained VMhost servers using VMware 4.0/5.0/5.5/6/vSphere/vMotion and maintaining Hyper - V server core and Windows servers in 2012/2016/2019
Implemented, configured and maintained Microsoft 365, Azure AD, Azure AD Connect, Active Directory, Active Directory Federation Services (ADFS), SAML, SSO, and Open ID Connect (OIDC).
Used of Azure Management and Governance and how to implement with the Microsoft Office 365 Security Center - deploying policies and other best practice configurations and reviewing message traces and audit logs.
Configured and optimized Azure networking services, including Virtual Networks, VPN Gateway, Azure Firewall, Front Door, and Azure Load Balancer
Managed Azure Entra ID, Group Policy, Sites and Services, Active Directory Connect, Federation, NTFS Permissions, DHCP, DNS
Utilized software application which is tightly coupled with optimized IT infrastructure (compute, storage, networking, accelerators, middleware stacks – individually or in combination).
A compute-centric solution, whether on-prem, managed, in the cloud, or a hybrid.
A data-intensive solution that requires massive amounts of storage and/or specialized data management.
Designed and produced product offerings for the field using security suites, PKI, Federated Identity Manager, Access/Authentication Manager, and DLP. Solutions that prepared companies for the next steps of Role-Based discovery and implementation for RBAC.
Configured Citrix server policies, Load Management and Printers in the Farm.
Expertise in creating Citrix Streaming Profiles and Publishing Applications to users in Citrix XenApp for VDI in a box solution
Provided Dell physical and virtual servers involving upgrading, installing, configuring and securing Windows server 2012/2016/2019
Administered/maintained Active Directory Forest domain which included creating and configuring users, computers and groups as well as determining group policy pushes down to domain user groups
Used cloud-based solutions (Azure) of migrating of physical and virtual servers to cloud provider
Maintained storage area networks and associated technologies that included EMC, Dell and Tintri
Proficiency in PowerShell scripting for administration, automation of processes, and issue resolution
Extensive experience in implementing High Availability Solutions, such as Replication, Log shipping, Clustering and Mirroring on physical and virtual machines
Performed analysis and troubleshooting for various Microsoft server issues on hardware pertaining to Dell and HP related servers physical and virtual (VMware Esxi 5.0/5.5/6.0/6.5 and Hyper-V)
Provided technical support to system development, database administrators, data security, data communications and helpdesk/service desk on system and application resolution of system errors
Configurated services for persisting state on data or external state, thus from the traditional model, where a separate data layer handles data persistence.
Made provisioning for new and existing devices using Windows Autopoilt, configuration of device-based policies, standards, and guidelines.
Used API gateway, instead of calling services directly, clients call the API gateway, which forwards the call to the appropriate services on the back end.
Composed and administering networks with mixed Windows 2012/2016/2019 R2 Enterprise server environment including configuration, operation and maintenance of systems that are desktop computers, and telephone systems that included optimizing system operations and resource utilization, and performs capacity analysis
In-depth working knowledge of Windows 2016/2019 R2 Standard/Enterprise Server, Microsoft High Availability Failover Clustering, Terminal Service, AD, Citrix Presentation/Xenapp, NetScaler, Symantec Corporate End Point Solutions, MS SQL 2012/2014, MS Exchange 2007/2010/2013, and VMware vSphere 6.5/6.7 with ESX/ESXi 6.0/6.5/7.0, and F5 Big IP-LTM/GTM
Achievements:
Streamlined method of migrating new user accounts and amended licenses to Office 365 cloud/hybrid environment
Streamlined within O365 setting up and configuring groups, resources and shared mailboxes
Replaced SaaS based MDM (Maas360) for Intune integration for Endpoint configuration management
Diagnosed sync issues between AD and Office 365 with all aspects of accounts
Installed and configured complete end to end solutions like FlexPod, MS-SQL 2014 Cluster, VMware Cloud,Citrix Cloud which included installing Storage, Server, Application and Cisco networking for optimized performance
Inova Health System, Sterling, VA March 2015-December 2016
Sr. Network Systems Architect
Supporting on site within datacenter client/customer at all INOVA health care facilities region wide
Administered an (10) node Exchange 2010 servers by providing efficient mail routing through SMTP services on separate Windows 2003 servers as well as internal and external DAG’s and DNS servers
Responsible for deploying Airwatch into INOVA infrastructure that included Console, Device/Services,Secure Email Gateway’s and Mobile access Gateway nodes
Administering and troubleshooting on a daily basis all aspects of Airwatch pertaining to all units including tablets, mobile phones and corporate owned devices
Advanced experience supporting applications on the Windows IIS platform, in an multiple web server load balanced environment Strong understanding of infrastructure technologies and systems such as dns, ssl, load balancers (F5 BigIP), and firewalls
Co-ordinated with application team to understand their application nature and worked with build team to have generated build packages for .Net applications
Testing in working in the build organization as part of the AWS Practice team providing technical support needed for proof of concept as part of business unit and architecting quick start solutions for implementation to production
Tested internal clients to move to AWS cloud and eliminating the use of internal data center
Set-up AWS CloudWatch metrics and built centralized dashboards for capturing data profiling details from real-time ingestion of data in Spark and its movement along the pipeline
Proficiency in PowerShell scripting for administration, automation of processes, and issue resolution
Understanding of perimeter SMTP appliances such as Cisco IronPort SMTP routing appliances
Understanding of Electronic Records Management and document lifecycle
Familiar with diagnosing issues related to Networking components (e.g., firewalls, load balancers, web browsers, TCP/IP, SSL, HTTP, LDAP, etc.)
Due to compliance and auditing of HIPPA of its information security program, security policy and remediation were put in place in order to achieve HIPPA outcomes, INOVA Health Systems focuses on key area: Addressing security-related issues that contributed to the information material weakness reported in the audit
Trouble shoot and Escalate tickets on customer account issues and service impacted for Windows 2008 R2/2012 R2 servers programs and application services as well as troubleshoot and escalate tickets affecting local and regional offices
Performed analysis and troubleshooting for various Microsoft server issues on hardware pertaining to Dell and HP related servers physical and virtual (VMware Esxi 5.0/5.5/6.0 and Hyper-V)
Installation, testing, implementation, and updating of in house and third party system software application packages via SCCM
Provides technical support to system development, database administrators, data security, data communications and helpdesk/service desk on system and application resolution of system errors
Handle incident reports from application support teams, registering calls using available tools, and escalating promptly as needed
Highly motivated, works well without constant supervision, capable of close interactions to respond to service requests and thoroughness in problem solving
Ensured tasks & projects are completed in a successful & timely manner. Exhibited ability to resolve problems effectively, efficiently & with minimal supervision required to ensure minimal disruptions & unplanned downtime of the network infrastructure. Facilitates problem resolution, escalations, and system-wide troubleshooting and support with a demonstrably superior level of proficiency
Agilex Technologies/Accenture Federal Services (US Dept of Veterans Affairs), Chantilly, VA
Sr. Network Engineer August 2014-March 2015
Supporting on site with client/customer at the Department of Veterans Affairs located in 810 Vermont Ave, Washington, DC
The VA Department continues to face significant challenges in complying with the requirements of FISMA due to nature and maturity of its information security program. In order to achieve FISMA outcomes, the Department focuses on key area:
Addressing security-related issues that contributed to the information material weakness reported in the audit of FY 2012
Troubleshoot and escalate tickets on customer account issues and service impacted for Windows 2008 R2/2012 R2 servers programs and application services as well as troubleshoot and escalate tickets affecting local and regional offices
Performed analysis and troubleshooting for various Microsoft server issues on hardware pertaining to Dell and HP related servers physical and virtual (VMware Esxi 5.0/5.5/6.0 and Hyper-V)
Installed, tested, implemented, and updated in house and third party system software application packages via SCCM
Provided technical support to system development, database administrators, data security, data communications and helpdesk/service desk on system and application resolution of system errors
Handled incident reports from application support teams, registering calls using available tools, and escalating promptly as needed
Administered networks with mixed Windows 2008 R2/2012 R2 Enterprise server environment including configuration, operation and maintenance of systems that are desktop computers, Windows 2003 Servers and telephone systems that included optimizing system operations and resource utilization, and performs capacity analysis
Verizon Enterprise Solutions, Ashburn, VA April 2011-August 2014
Sr. Network Specialist Operations
Worked Network Operating Center/Security Operating Center in managed support facility for various federal and commercial clients
Web hosting system engineer for web implementation team, responsibilities included the design, installation, configuration and integration of IIS web platform software to host complex applications in Windows and UNIX environments
Troubleshot and escalated tickets on customer account issues and service impacted for 2008 R2 servers programs and application services as well as troubleshoots and escalates tickets affecting switch in Los Angeles
Performed analysis and troubleshooting for various Microsoft server issues on hardware pertaining to Dell and HP related servers physical and virtual (VMware and Hyper-V)
Implemented solution to eliminate duplicate SCCM GUID's thus creating client stability and integrity
Mitigated and repaired misconfigured SCCM site settings (i.e: Application host file/IIS/Distribution point issues, Hardware inventory and Software inventory misconfigurations and elimination of unused SCCM site roles)
Worked with Network Security team to ensure proper SCCM ports were implemented
Responsible for troubleshooting and maintaining overall client and server health for entire SCCM infrastructure
Designed, implemented and documented WSUS/SUP solution for Microsoft Security patch compliance
Packaged, advertised and deployed third party security updates
Installation, testing, implementation, and updating of in house and third-party system software application packages
Provides technical support to system development, database administrators, data security, data communications and helpdesk/service desk on system and application resolution of system errors
Handle incident reports from application support teams, registering calls using available tools, and escalating promptly as needed
Travelex Global Business Payments, Washington, DC August 2010-January 2011
Sr. Systems Engineer
Bowhead Information Technology Services Inc., Alexandria, VA/ActioNet Inc (Department of Transportation)
Sr. Systems/Network Engineer IV September 2008-July 2010
Metters Industries Inc., McLean, VA July 2007-September 2008
Sr. Network Systems Engineer
Loan To Learn Educap Inc., Sterling, VA February 2006-May 2007
Sr. Systems Administrator
American College of Radiology, Reston, VA March 2005-February 2006
Systems Engineer
Communications Engineering Inc., Newington, VA September 2003-June 2004
IT Manager/Network Administrator
Verizon, Herndon, VA May 2001-May 2003
Sr. NT Systems Engineer & LAN/WAN Administrator
Apex Systems Inc., (General Services Administration), Washington, DC June 2000-March 2001
Systems Administrator
TECHNICAL SKILLS
Server and Storage hardware (Cisco, HP, NetApp, Pure Storage)
Microsoft Windows Server platforms and services (Active Directory, DNS, DHCP, PKI, PowerShell)
System Management (Microsoft Systems Center, SolarWinds, SCCM/MECM, DynaTrace)
Knowledge of Web Access Management and SSO technologies (Okta, SAML and OAuth)
Virtualization and Cloud (VMware, Citrix, Hyper-V, Azure)
Microservices architecture used for a collection of small, autonomous services, in which each service is self-contained and business capability within a bounded context. Contained bounded context in an natural division within a business and provides an explicit boundary within which a domain model exists. Identity and Access Management (Active Directory, FIM/MIM, SSO/ADFS)
Enterprise Backup and Disaster Recovery (vSphere Data Protection, Site Recovery Manager, CommVault)
Enterprise Messaging (Exchange, M/Office 365)
System Security (Intune, Defender, vulnerability assessment and remediation, Anti-Virus, Host-based Firewall)
Web Server platforms (IIS, Apache, SharePoint, F5 Load Balancers)
Contact this candidate