Systems Administrator Engineer
Resume:
Mohammad Ali Ansari
Sr. System Engineer
https://www.linkedin.com/in/mohammad-ali-ansari-26557214/
Contact: 281-***-****, Email: ********@*******.*** Summary:
An Infrastructure Systems Engineer with strong experience in design, build, configure, break, fix and maintenance on Wintel & Virtualization platforms. Specialized in building and maintaining POS systems, with expertise in Windows OS installations, BIOS/driver updates Having excellent understanding of medium to large IT infrastructure including Network Security, Virtualization, AWS, Azure, Office 365, Backup, Storage Administration, and in-depth knowledge of VMware / Nutanix Architectures. Skills Set:
• Cloud Platforms: Hybrid Cloud (On Prem-Azure), Microsoft Azure Entra ID, AWS, VMware
• Identity Management: PAM, Azure Entra ID, Octa, Cyber Ark.
• SSO: Cyber Ark-PAM-Privileged Access Management (PAM), PVWA, CPM, PSM and PTA, OKTA
• Hypervisors: VMware, Nutanix, Cisco UCS Vblock, HP Synergy, DELL, Citrix
• Network: LAN, WAN, Wireless network, VPN, Radius Server, HP UniFi Switch
• Firewall: Cisco, Juniper, Bluecoat, FortiGate, NetScreen
• Operating Systems: Windows, Linux RedHat, Ubuntu
• Scripting: PowerShell, Automation, and agile methodologies
• Mail Servers: MS Exchange 2010 – 2019, Office365
• Microsoft Back office: SCCM, SCOM
• Directory Services: Active Directory 2000-2021, LDAP, DNS, DHCP, FTP, DFS, IS RIS TCP/IP, RAS, Linux, Unix
• Voice: MS Lync 2010/2013, Teams, Call Manager
• Backups: Commvault, HP DPX, Microsoft DPM, Networker.
• Vulnerability Assessment: Qualys, Nessus
• PKI: Microsoft CA, AWS, VMware
• Databases: Microsoft SQL
• Project Coordinator & Management
Certifications:
ITIL
VMware Certified Professional VCP
(MCITP) – Enterprise Administrator
CCNA
CCNP
HP Virtual Connect – HPVC
Education:
MSc Master of Science in Physics Electronics – University of Karachi, Pakistan.
Diploma in Data Communication Technology – Supernova Institute, Karachi, Pakistan. Experiences:
Microsoft Azure/Entra ID System Cloud Engineer @Exelon Energy Baltimore, USA April 2024- Dec 2024 Entra ID /Office 365 Tenant Management
Administer Microsoft 365 tenant, including user/group management, licensing, and service health monitoring.
Configure Exchange Online (mail flow, shared mailboxes, distribution lists, retention policies).
Manage & OneDrive (site collections, permissions, external sharing).
Optimize Microsoft Teams (meeting policies, voice configurations, collaboration features)
Assigning appropriate Azure roles and permissions based on user access requirements.
Managing group memberships and access controls.
Manage Azure Active Directory (Azure AD) – user provisioning, SSO, and group policies.
Implement Multi-Factor Authentication (MFA) and Conditional Access Policies for security.
Troubleshoot ADFS, Azure AD Connect, and hybrid identity sync issues.
Assist in various aspects of engineering projects throughout the project lifecycle.
Develop and maintain project work plans, including resource and cost allocation.
Review project specifications and design documents to ensure compliance with standards.
Track project progress and report regularly on milestones and deliverables.
Participated in OS upgrade projects, ensuring every POS build was validated and compatible with existing apps and devices.
Coordinate with cross-functional teams, including Network, security, database & application engaging with stakeholders.
Ensure all project documents are accurate and up-to-date.
Assist to implement project best practices for successful delivery. Application Registration:
Registering new applications within Azure AD/Entra ID, defining their capabilities and permissions.
Managing application secrets and certificates for secure authentication.
Configuring application manifests with necessary details like redirect URIs and supported identity providers.
Managed Azure B2C, for external user authentication and identity management
Setting up Single Sign-On (SSO) configurations for applications, including SAML, Oauth2, and OpenID Connect protocols.
Defining user claims and attribute mappings for seamless user access.
Troubleshooting SSO issues and ensuring smooth user login experiences. SYSTEM ENGINEER @MDOT Glen Burnie, USA March 2020- March 2024 Hypervisor/Migration/Management
Manage On-prem Active Directory, DNS, DHCP with 40 remote locations.
Tier I/II level support/troubleshoot on Nutanix including patching life cycle.
Tier II/III level support/troubleshoot on VMware including patching life cycle.
Configure Nutanix Move and migrate VM’s from VMware to Nutanix.
Install, configure, and administer VMware vSphere, vCenter, and ESXi environment
Administrator of Citrix VDI (CVAD) environment.
Troubleshooting of XenApp and XenDesktop (CVAD).
Support Citrix Gateway and Citrix Provisioning Services
Diagnose and resolve complex issues across virtualized servers, storage, and networking
Worked with IT, security, and application teams to design infrastructure solutions aligned with business needs Integrate VMware infrastructure with cloud infrastructure to support a hybrid environment. Microsoft 365 Administration:
Manage and maintain Microsoft 365 services, including Exchange Online, SharePoint Online, Teams, and OneDrive for Business.
Ensure compliance with security policies and best practices.
Provide end-user support and training for Microsoft 365 applications.
Implement and maintain security measures for Microsoft 365 and Azure environments including IDP policies, endpoint policies, and compliance policies.
Ensure compliance with industry standards and regulations.
Monitor security alerts (risky sign-ins, phishing protection via Defender for Office 365).
Managed Azure subscriptions to optimize resource usage and cost effectiveness.
Monitored Azure Multi Factor Authentication (MFA) for added user authentication security.
Implemented Role Based Access Control (RBAC) in Azure AD for access policies and improved security measures.
Monitor system performance, troubleshoot issues, and implement necessary updates and patches. IAM (Identity & Access Management)
Install, configure and maintain CyberArk environments.
Assist application/business unit teams with privileged accounts on-boarding into CyberArk.
Installation of CyberArk Vault including multiple PVWAs.
Collaborate to define access control, user entitlements, and user access policy management.
Worked with team IAM solutions that follow a global, hybrid cloud architecture.
Design, implement, and maintain IAM solutions to support user provisioning, authentication, and authorization processes.
Monitor and manage IAM systems to ensure optimal performance and security.
Collaborate with IT, security, and compliance teams to define access controls and identity policies.
Managed Azure B2C, for external user authentication and identity management. Kiosk / POS Maintenance
Installation, configuration, and maintenance of SiteKiosk POS systems.
Diagnose and resolve technical issues with POS hardware and software touchscreens not responding, receipt printers misaligned, card readers not syncing.
Configure POS systems to meet specific MDOT needs, including customization of kiosk interfaces and payment options. SAN/NFS (3PAR)
Manage and administer 3PAR (HP Synergy frame) Storage Area Networks (SAN/NFS), ensuring optimal performance uptime.
Perform general storage maintenance to include firmware patching, system software upgrades, and rack modifications.
Provisioning concepts (thick/thin), storage protocols and migration best practices and methods to ensure system optimization Support Tier 2 escalated ticket troubleshooting.
Set up and manage DFS file share with the current share and have it replicate to the new file server.
Administering Synergy frames with HP OneView.
PKI & Certificate Management
Maintained Public Key Infrastructure (PKI) and certificate lifecycle management solutions. BackOffice Support
Created dashboards, alerts, and Splunk queries to track security events, directory changes, and LDAP authentication.
Using scripting languages, automate LDAP-related operations and workflows to increase productivity and efficiency.
Troubleshoot security events, performance bottlenecks, and authentication problems using LDAP logs.
Managing DPX AND Commvault backups.
Utilize SCCM-Infrastructure for patch management and OS/App deployment.
Set up and maintained Splunk setups for LDAP-related data aggregation, analysis, and visualization.
Handled DHCP to automate IP address allocation for connectivity of network devices.
Web server faults and performance problems were identified by analyzing the Apache HTTP Server error logs (HTTPD error logs).
SYSTEM ENGINEER VDI-Infrastructure @SEI College Ville, USA Sept 2019-March 2020
Designed, configured, and supported Enterprise Desktop Virtualization Technologies (VMWare View).
VMware Horizon View 7.x – application packaging, image creation and optimization.
Collaborate with the desktop team to implement global Windows 10 VDI templates.
LDAP directory services for centralized identity and access control were designed, put into place, and administered.
VDS connectors were put into place to integrate several identity sources, such as SQL databases, Active Directory, and LDAP directories.
Forecast HW requirements using periodic reporting.
Troubleshot strange behavior on thin clients used in POS environments, including delayed input response or device reboots under load.
Administrating and maintaining vSphere environments.
To verify web server availability and dependability, troubleshooted HTTPD problem codes, such as client-side issues and server- side errors.
Evaluates system analysis business processes and partners with application developers to integrate customer needs.
Adhere to performance and delivery targets within a program/project.
Adept at installing, configuring, and maintaining LDAP servers on Linux platforms, as well as Linux system management.
Created unique LDAP scripts and apps with Python and Java as programming languages.
Deployed Microsoft Updates (patches and Hotfix) using SCCM and WSUS (Windows Server Update Service).
Configured LDAP schemas, attributes, and access restrictions to satisfy user authentication and authorization requirements inside the company.
Administration of Microsoft Exchange Server 2019 and 2016 & Windows 2019 and 2016 Active Directory.
Analyses group policy (GPO) changes and their impact on environment to give go/no go decisions.
Installation and Implementation of Windows server 2019 & 2016.
Collaborated with software integration specialists to support migration from Exchange 2016 to Office 365. IT CONSULTANT-Wintel Engineer @INTEL Chandler, USA July 2019-Sept 2019
Worked with Operations staff based offshore in India prioritizing tickets breaching SLA and high severity tickets and guide to provide work direction to technical staff, contract staff employees.
Determines appropriate coverage for all hours of operation.
Performs troubleshooting as required, work with other teams such as AD/DNS, Network, Compute, and 3rd party vendors to resolve issues.
Establishes, maintains, and manage user’s windows accounts, maintains systems, Windows security, and utility software on Windows server 2019/2016/2012/2008 and computer systems.
Provides server support related to other software.
Planning and implementing Backup and Recovery procedures, scheduling daily backups, and performed periodic recovery tests.
Knowledge of other enterprise backup software products such as Veritas Backup Exec, Commvault, Microsoft Data Protection Manager (DPM).
Implemented Research techniques by cyber compliance orders to support confidential operations, disable Active Directory accounts posing a network security risk to eliminate hacking ability. SYSTEM ENGINEER @HERC RENTALS Florida, USA Jan 2019-June 2019
Vulnerability assessment via Qualys & remediation for different OS (Windows, Linux, Unix) under AWS cloud and application remediation like JAVA, Jenkins, Adobe, Telematics Gateway, Mobile Management, Nginx, Nexus, Altiris
Provide technical services and support for the following areas: Hypervisor: AWS Cloud, VMware, routers, firewalls, and security.
Internal systems: Systems infrastructure, Active Directory, Group Policy, LDAP, ADFS, DNS, Exchange Server, Application & OS patching.
Working on escalated support issues related to Microsoft’s core business solutions, WAN and LAN connectivity, routers, firewalls, security, and remote access solutions.
Perform network assessments, security audits and new client consultations.
LDAP logs were watched over and examined for events related to authentication, directory searches, and operational tasks. LDAP integration was put into practice with Linux authentication systems like NSS (Name Service Switch) and PAM (Pluggable Authentication Modules).
Managed overall responsibilities on Active Directory to include user accounts, troubleshooting, modifications, permissions, OU structure, and sites and services.
Participate in the administration and maintenance of the remote monitoring and management system: update agent scripts, respond to alerts, monitor dashboard, and periodic system review.
Working with Sales Team to Engineer projects, identify new products and solutions, and research solutions for existing clients.
Document maintenance for all computer systems and network infrastructure.
Communication with customers as required: keeping them informed of incident progress, notifying them of impending changes or agreed outages.
Be available for other engineers and coach them to resolution. INFRASTRUCTURE ANALYST II –Skype Engineer @JOHN DEERE Moline, USA Oct 2018-Jan 2019
Performing Root Cause Analysis on SfB on critical outages and incidents, and permanent engineering solution
Radiant Logic Virtual Directory Server (VDS) was installed and set up for the purpose of virtualizing and abstracting LDAP directories.
LDAP-capable web applications and services were hosted on an Apache Tomcat application server that was deployed and maintained.
Secure access control was achieved by integrating LDAP authentication and authorization systems with Tomcat applications.
Supporting multiple Skype for Business messaging and collaboration technologies across an enterprise via administration, monitoring, backups, contingencies, and upgrades to on-premises servers
Collaborating with other personnel (IT Security, Technical Architecture, etc.) to sustain and improve system performance.
Admin task related to Azure AD related to skype for business. Infrastructure Specialist/System Admin @INJAZAT DATA SYSTEMS Abu Dhabi, UAE Nov 2006-Oct 2017
Completed Data Center relocation activities for Virtual Infrastructure including upgrading vCenter server to 6.0 and upgrading existing hosts to vSphere 6.0 from ESXi 5.5
Successfully migrated 1000 VMs to new Data Center using Stretched networks
Engage with business stakeholders for Critical Production workload migration schedules and outages.
Perform AD forest/domain consolidations using ADMT, Quest, migration tools
Design and implement temporary trust relationships for migration coexistence
Migrate users, groups, computers, and service accounts with SID history preservation
Reconcile Group Policy Objects (GPOs) between source and target environments.
New UCS infrastructure utilizing 32 Cisco B200 M4 blade servers implemented for Virtual Production workloads.
New Infrastructure VBlock 320(UCS-B-Series Blades B200 M3) with VNX 7500 was implemented to host dedicated production workloads of 550 VMs.
In-place upgrade Lync Server 2013 to Skype for Business Server 2015
Migrate Lync 2013 to SfB Server 2015 relies on several external components in order to function!
Considering various systems such as servers and their operating systems, databases, authentication and authorizing systems, networking systems and infrastructure as well as telephone PBX systems
Supporting complex issues and troubleshooting issues related to Lync operation.
Successfully upgraded environment from SCCM 2007 to SCCM 2012 R2 including 1,000 client endpoints and 26 servers
Configured Group Policy Objects to create a secure Windows Infrastructure
Provided third level help desk support for problems relating to Active Directory
Transitioned users from multiple legacy domains into a consolidated forest level configuration
Administered 33 Active Directory (AD) domains and related services supporting 145K users and 97K clients.
Maintained and managed Domain Name Service (DNS) for AETC Active Directory (AD) enterprise
Maintained user, group, and computer accounts for the AETC enterprise network.
Managed Group Policy Objects (GPOs) throughout the Active Directory (AD) enterprise
Developed organizational units in Active Directory (AD) and managed user security with group policies.
Mange user authentication via RADIUS Server on Wireless LAN Controller (WLC) Configuration
Azure/AWS: Research into, and implementation of, new Azure tools to improve efficiency, performance, and cost-effectiveness.
MS Exchange: Administer & Manage with Exchange, ActiveSync, Public Folders, Microsoft Office Communicator & Lync Unified Communications including use of the voice, desktop sharing, and federation services.
Exchange Messaging upgrades, Business Continuity & High Availability, Messaging Consolidation, Secure Messaging, Messaging Archiving, Unified Messaging, Mobile Messaging, Office Communications Server, and Exchange scripting
PowerShell scripting in Microsoft Exchange backup and restore of mailboxes.
Implement & Managing VBA VMware Backup solution.
Supporting Unified Computing Environment (UCS) infrastructure across two Datacenters.
Managing Service Profiles, Templates & Pools as part of UCS Administration Automating various Virtualization tasks thru PowerShell scripts
Disaster Recovery setup using Site Recovery Manager (SRM) with Storage Array Replication
Supporting VBlock (300 & 320) Infrastructure with VNX 7500/7300 Storage
Successfully completed Data Center relocation activities for Virtual Infrastructure including upgrading vCenter server to 6.0 and upgrading existing hosts to vSphere 6.0 from ESXi 5.5
Contact this candidate