
IAM & AD / Azure AD Engineer

Location:
Pine Brook, NJ
Salary:
65/hr
Posted:
December 11, 2025

Resume:

Ashok Nalluri

Mail: ************@*****.***

Mobile: +1-862-***-****

PROFESSIONAL SUMMARY

I am an Identity & Access Management (IAM) and Active Directory Engineer with proven expertise in designing, deploying, and managing Active Directory forests, domains, and hybrid Entra ID (Azure AD) integrations. Skilled in GPO enforcement, RBAC, MFA, privileged access management, and enterprise security baselines to safeguard critical infrastructure. Adept at troubleshooting authentication protocols (Kerberos, NTLM, LDAP), resolving complex replication issues, and ensuring business continuity through robust backup, recovery, and disaster recovery strategies. Strong background in DNS, DHCP, Certificate Services, and OU design, with advanced PowerShell scripting for automation, monitoring, and reporting. Recognized for conducting AD health checks, audits, and remediation while aligning with industry compliance frameworks. Trusted 3rd-level escalation point with a track record of delivering secure, scalable, and high-performing identity solutions in enterprise environments.

AD SME

Design, implement, and manage identity and access management solutions using Azure AD.

Configure and maintain user accounts, groups, and roles within Azure AD.

Implement and manage authentication methods such as password-based, multifactor authentication (MFA), and single sign-on (SSO) using Azure AD.

Monitor and analyze Azure AD logs for security incidents and access anomalies.

Implement conditional access policies to enforce security controls based on user risk levels and device compliance.

Can assign admin roles to other users, reset passwords, manage user accounts, and access all Office 365 services and data.

Manages Microsoft Teams settings and policies, including user access, guest access, and external communications.

Investigates and responds to security incidents and implements security best practices across Office 365 services.

Windows Server Administrator:

Managed Windows Server environments, ensuring optimal performance and availability for critical business applications.

Configured and maintained DNS, DHCP, and Active Directory for the organization’s network infrastructure.

Performed patch management, ensuring that the servers and Active Directory systems were up to date with security patches.

Supported user account creation, modification, and deactivation in Active Directory, using automation to ensure accuracy and reduce risk.

Monitored system performance and performed routine diagnostics on Active Directory-related services and network resources.

Office 365 Administrator:

Administered Microsoft 365 tenants for users, managing Exchange Online, SharePoint Online, Teams, OneDrive, and Intune to ensure secure collaboration and productivity.

Implemented Exchange Online mail flow policies, connectors, transport rules, and hybrid configurations between on-prem Exchange and cloud to streamline messaging services.

Configured Entra ID (Azure AD) conditional access policies, MFA, and self-service password reset (SSPR) to enhance security and user experience.

Designed and managed dynamic groups and RBAC in Entra ID, automating license assignment, permissions, and access control.

Enforced data governance and compliance policies using Microsoft Purview Compliance Center, including DLP, retention labels, sensitivity labels, and insider risk management.

TECHNICAL SKILLS:

ACTIVE DIRECTORY, ServiceNow, O365, AZURE IAM, SAML, OAuth, FORGEROCK, ENTRA ID, AWS, SHAREPOINT.

Identity & Access Management (IAM), Customer Identity and Access Management (CIAM), Provisioning/Identity Workflows, Access Management, Role-Based Access Control (RBAC), User Access Review, Attestation, Report Generation, Single Sign-On (SSO), Multi-Factor Authentication (MFA).

PROFESSIONAL EXPERIENCE

Blue Sage Solutions (Englewood Cliffs, New Jersey) Feb 2025

AD SME

Responsibilities:

Served as the Subject Matter Expert for Active Directory and Entra ID, supporting multi-forest, multi-domain infrastructures for a large enterprise environment.

Administered Domain Controllers, forests, trust relationships, Global Catalogs, FSMO roles, and AD topology, ensuring continuous availability and secure operations.

Managed promotion and demotion of DCs, forest administration, schema updates, and cross-forest trust configurations.

Oversaw GPO creation, lifecycle management, SYSVOL health, replication troubleshooting, ADSI edits, and Windows Time Services configuration.

Performed regular AD health checks, replication remediation, event log analysis, database cleanup, tombstone management, and authoritative/non-authoritative restores.

Designed and executed AD backup, recovery, and disaster recovery strategies, including DR runbooks, testing, and failover validation.

Managed ADCS/PKI, smart card authentication, certificate templates, CRL publishing, and lifecycle automation.

Conducted security hardening of Domain Controllers, managed patching, vulnerability remediation, audit configurations, and baseline enforcement.

Led Active Directory domain migrations and forest consolidation projects, including SIDHistory handling, identity synchronization, and hybrid identity rollout.

Developed and maintained PowerShell automation scripts for replication monitoring, GPO deployment, DC health checks, certificate provisioning, and Entra ID tasks.

Managed and optimized DNS, DHCP, Sites & Services, and SRV record configurations for identity service reliability.

Implement and support AD backup, recovery, and disaster recovery procedures, including authoritative/non-authoritative restores using tools like Windows Server Backup and Azure Backup.

Configure and manage Microsoft Certificate Services (AD CS) and Public Key Infrastructure (PKI), including certificate templates, CRLs, OCSP, and auto-enrollment policies.

Manage user environments including roaming profiles, folder redirection, and integration with cloud storage access controls, such as Azure Storage and hybrid cloud identity features.

Lead complex Active Directory domain migrations and consolidation projects, including restructuring OU hierarchies, DNS refactoring, UPN standardization, and hybrid identity alignment.

Support and enhance Entra ID (Azure AD) hybrid identity, including Azure AD Connect, seamless SSO, PHS/PTA, device registration (Hybrid Join), Conditional Access, and MFA enforcement.

Troubleshoot directory synchronization issues, user provisioning, device writeback, and identity federation (ADFS/Entra ID) during hybrid environment operations.

Implement role-based access, privileged access controls, and Zero Trust policies across both on-prem AD and Entra ID to improve security posture and governance.

Managed and supported Windows Server (2012/2016/2019/2022) infrastructure, ensuring high availability, patch compliance, and adherence to security baselines.

Performed Active Directory (AD) administration tasks including user/group management, OU design, FSMO role maintenance, Group Policy configuration, and replication troubleshooting.

Implemented and monitored domain controller health checks, DNS/DHCP management, and automated AD cleanup processes using PowerShell scripts.

Configured and maintained file servers, print servers, and remote desktop (RDS) environments, improving operational reliability across distributed offices.

Supported AD Connect synchronization between on-prem AD and Entra ID (Azure AD) to ensure consistent identity lifecycle management and SSO functionality.

Designed and enforced RBAC-based access controls and security group governance to align with Zero Trust principles.

Automated server provisioning and patching processes using PowerShell DSC, SCCM, and Windows Admin Center, reducing manual administrative overhead.

Performed Windows event log analysis and system auditing, identifying root causes of authentication and performance issues.

Implemented and tested Disaster Recovery (DR) and Backup solutions using Windows Server Backup and Veeam, ensuring business continuity.

Implemented S3 lifecycle policies for automated data transition between Standard, Intelligent-Tiering, and Glacier storage classes, optimizing performance and reducing monthly storage costs by up to 40%.

Optiv Security, Inc. - BJC Health Care (St. Louis, Missouri) Dec 2022 to Feb 2025

AZURE AD

Responsibilities:

Designed and implemented an engagement model across business verticals, coordinating BAU support from contractors and aligning with enterprise IAM strategy.

Provided L2 and L3 level support for Identity and Access Management systems, specializing in Azure Active Directory and integrated services.

Took ownership of day-to-day administration of Active Directory forests and domain controllers, making sure authentication, trusts, and logons stayed stable and reliable for users and applications.

Handled promotion and demotion of domain controllers and managed forest-level tasks (including FSMO roles), planning changes carefully to avoid downtime or surprise impacts.

Designed and maintained Group Policy Objects (GPOs) for security, desktop settings, and application controls, helping standardize the environment and reduce one-off support requests.

Managed AD Sites and Services and tuned replication settings so that authentication and directory lookups were fast and consistent across remote offices and data centers.

Performed regular AD health checks using tools like dcdiag and repadmin, cleaned up stale objects, and fixed replication issues before they became user-facing problems.

Managed key AD components such as SYSVOL, Global Catalog servers, FSMO roles, and Windows Time Services to keep logons, Kerberos tickets, and time-sensitive operations running smoothly.

Implemented and supported backup and recovery processes for Active Directory, including system state backups and DR procedures, so identity services could be restored quickly during incidents.

Configured and maintained Active Directory Certificate Services (AD CS) and PKI, including certificate templates and auto-enrollment, to support secure authentication, TLS, and code signing needs.

Supported user environment management by configuring roaming profiles, folder redirection, and access to cloud storage (such as Azure Storage), improving user experience across devices and locations.

Led or contributed to Active Directory domain migration and consolidation projects, including discovery, planning, testing, cutover, and post-migration cleanup, while keeping user impact minimal.

Worked on hardening domain controllers by applying security baselines, tightening privileged access, and addressing vulnerabilities found in security scans in partnership with the security team.

Collaborated closely with server, networking, and security teams to review AD changes, document forests/trusts/GPOs, and keep the environment well-documented and audit-ready.

Built PowerShell automation frameworks to streamline account provisioning, group membership management, and periodic access reviews.

Delivered detailed audit reports and executive summaries from AD/Entra ID health checks, translating technical findings into business risk assessments.

Created and managed O365 connectors, mail routing policies, and basic transport rules.

Enabled certificate-based authentication using internal CA and third-party cert providers.

AG Consulting Services - L & T (Hyderabad, India) Nov 2021 to Nov 2022

IAM Engineer

Responsibilities:

Troubleshot and diagnosed complex authentication and authorization issues within SAML, OAuth 2.0, and OpenID Connect flows, utilizing log analysis, network monitoring tools, and system diagnostics.

Acted as the go-to escalation point for complex AD authentication and trust issues, working through event logs, network traces, and replication data to quickly restore normal operations.

Monitored domain controller health, performance, and security using tools like Event Viewer, performance counters, and monitoring platforms (e.g., SCOM/Splunk), and took proactive action on early warning signs.

Supported hybrid identity scenarios by integrating on-prem Active Directory with cloud services (e.g., Entra ID / Azure AD), helping provide seamless SSO and access to SaaS applications.

Participated in DR tests and tabletop exercises focused on AD recovery, validating backup integrity and updating recovery runbooks based on lessons learned.

Worked closely with security and audit teams during internal and external audits, providing AD evidence, hardening details, and remediation plans for any findings.

Standardized OU structure, naming conventions, and GPO strategy across the environment, making administration easier and improving clarity for other support teams.

Provided guidance and knowledge-sharing to junior admins and helpdesk teams on AD best practices, basic troubleshooting, and when to escalate issues related to domain controllers or GPOs.

Integrated ForgeRock Identity Management (IDM) with various target systems (e.g., Active Directory, LDAP, HR systems) using connectors and custom workflows.

Migrated user data from a legacy system to the Akamai Identity Cloud using Akamai data migration Python scripts.

Designed, configured, and implemented complex PingFederate solutions, including custom adapters and authenticators, to meet unique business requirements and enhance security posture.

Designed and implemented ForgeRock AM and IDM for enterprise-wide authentication, SSO, and provisioning.

Developed dynamic authentication trees using nodes for biometric, OTP, device fingerprinting, and adaptive risk policies.

Assisted in user authentication troubleshooting and ticket resolution involving SSO/SAML failures.

Participated in upgrades, patches, and environment migrations for ForgeRock AM and IDM.

Built and maintained scripts to automate provisioning via REST APIs and scripting connectors.

GlobalLogic – Grab (Malaysia) July 2020 to Nov 2021

IAM Engineer

Responsibilities:

Configuring security policies and settings, including password policies, account lockouts, and session management.

Ensuring compliance with organizational and regulatory security standards.

Collaborated with networking teams to troubleshoot Kerberos and LDAP issues tied to DNS, routing, or firewall changes, often bridging the gap between network and AD troubleshooting.

Documented AD architecture, forest and domain design, trust relationships, GPO strategy, and standard operating procedures so the environment was easier to support and hand over.

Took part in after-hours maintenance windows for patching domain controllers, upgrading OS versions, and applying critical fixes, always validating AD health before and after changes.

Helped educate support teams and business units on basic AD concepts (groups vs OUs, GPO impact, password policies), leading to fewer misconfigurations and more meaningful service requests.

Worked closely with cloud teams when extending AD into Azure or other cloud environments, ensuring that identity, DNS, and time synchronization were set up correctly from day one.

Experience on Office 365, ADFS, and SQL Server high availability in a multi-datacenter environment.

Active Directory administration, domain controller upgrades.

Office 365 and ADFS Farm implementation and design, to include Azure AD Connect in a distributed, multi-datacenter environment.

Domain controller upgrade, migration, and managing replication schema.

Tech Mahindra – HERE (London, England) Nov 2018 to April 2020

Access Management Analyst

Responsibilities:

Creating, managing, and deleting user accounts, groups, and organizational units (OUs).

Led and executed end-to-end implementation projects for ForgeRock OpenAM, OpenIDM, and OpenDJ for enterprise clients across various industries.

Managed onboarding of app logs and IAM provisioning for enterprise clients.

Supported audit preparation and access certification processes.

Collaborated with detection response teams to enhance visibility.

Gathered and analyzed client business requirements and translated them into detailed technical specifications and solution designs for ForgeRock implementations.

Configured and customized ForgeRock components, including authentication and authorization workflows, SSO and federation setups, user provisioning and reconciliation processes, and access policies.

Developed custom Java and JavaScript extensions, plugins, and scripts to meet specific client requirements and integrate ForgeRock with existing enterprise applications.

Designed and implemented high-availability and scalable ForgeRock architectures, including load balancing and clustering configurations.

Integrated ForgeRock with various identity stores (LDAP, Active Directory, databases) and target applications using standard protocols and custom connectors.

Performed thorough testing, including unit testing, integration testing, and user acceptance testing (UAT), to ensure the stability and functionality of implemented solutions.

Developed comprehensive technical documentation, including architecture diagrams, configuration guides, and deployment procedures.

Provided post-go-live support, troubleshooting issues, and implementing necessary enhancements and upgrades to ForgeRock environments.

Collaborated effectively with cross-functional teams, including client stakeholders, project managers, and other technical resources.

Participated in the implementation and maintenance of IAM solutions, with a focus on ForgeRock products.

Assisted in the design and configuration of access management policies and workflows using ForgeRock OpenAM.

Contributed to the development and implementation of user provisioning and deprovisioning processes using ForgeRock OpenIDM.

Supported the administration and maintenance of LDAP directories using ForgeRock OpenDJ.

Troubleshot and resolved issues related to authentication, authorization, and provisioning within the IAM environment.

Created and maintained technical documentation for implemented IAM processes and configurations.

A4Softech (Hyderabad, India) Aug 2015 to Oct 2018

Software Engineer

Responsibilities:

Diagnosing and resolving technical issues in hardware, software, or networks.

Assisting end-users with IT-related problems.

Escalating complex issues to senior engineers or specialists.

Performing routine system and software updates.

Monitoring system performance and security.

Ensuring compliance with IT policies and standards.

Setting up new hardware, software, and network systems.

Configuring technical tools and platforms for efficiency.

Testing systems to ensure optimal performance.

Coordinating with other departments to resolve technical issues.

Assisting in IT or engineering project implementations.

Experienced in handling high-priority incident tickets and working with Microsoft support.

Education:

Bachelor of Technology, JNTUK • 2015
