Senior Active Directory Engineer Resume
Research Triangle Park, NC
TECHNICAL SKILLS
- ActivIdentity and ActivClient (ActivIdentity ActivID Card Management System - Card Management Services)
- Aelita (Quest) EDM (Enterprise Directory Manager) Active Directory Web Administration, Vintella (VAS)
- Altiris, Attachmate 3270 for AS400, Aventail / Sine, Citrix MetaFrame, Clarify, Compaq Insight Manager (CIM/HP SIM)
- Microsoft DHCP, WINS and DNS/DDNS, HP Service Manager, Hyena, Executive Software Diskeeper
- Funk Software (Proxy & Master Client Administration)
- Fedora 7, 8, Confidential Client Access, E-Gatherer, Netfinity Manager / Director, Personal Communications for AS400
- Kronos Workforce Central, Kronos Teletime
- RHEL 7, 8 (SSSD AD Integration)
- Lotus Notes Domino R4, R5, Lotus Sametime
- McAfee Antivirus Enterprise 8.0i
- Microsoft (MOLM) Office Live Meeting
- Microsoft Access, Microsoft Exchange 2010, 2007, 2003, Exchange 5.5 and Exchange 5.0 Server
- Microsoft FrontPage 2003, FrontPage 2000, FrontPage 98, Microsoft Index Server
- Microsoft Internet Information Server (IIS) and web development.
- Microsoft Office 2013, 2010, 2007, Office 2003, Office XP, Office 2000
- Microsoft Operations Manager (MOM), Microsoft Systems Center Operations Manager (SCOM 2007)
- Microsoft Project, Microsoft SharePoint Server
- Microsoft SQL 2012, 2008, SQL 2005, SQL 2000, Microsoft Site Server Express (Web Traffic Analysis)
- Microsoft Virtual Server & Virtual PC, Microsoft Visio - Technical & Advanced Editions
- Microsoft Windows Server 2019, 2016 (Full and CORE), 2012 / 2012R2, RODC 2008 R2 (x64 and x32), Windows Server 2003 (R2) Standard and Enterprise Server, Windows 2000 Server, Windows 2000 Advanced Server, Windows 2000 Terminal Services, Windows NT Server 4.0, Windows NT 3.51
- Microsoft Windows 10, Windows 8 Pro, 7 (x64 and x32), Windows Vista, Microsoft Windows XP, Windows 2000 Professional, Windows NT Workstation 4.0, Windows NT 3.51, Windows Me (Millennium Edition), Windows 98SE, Windows 98, Windows 95, Windows 3.1, Windows 3.11
- Microsoft WSUS 3.0 (SP2), 3.0 & 2.0, Microsoft Visual Studio Web Developer 2012, 2010, 2008
- Microsoft WMI (Windows Management Instrumentation) and VB Scripting
- NetPro (Quest) GpoADmin, NetPro (Quest) RestoreADmin
- Novell eDirectory 8.7 and 8.8
- Novell Netware 6.5, Netware 4, Netware 3
- Novell SUSE Linux Desktop 9, 10 (SLED)
- Novell SUSE Linux Server 9, 10 (SLES)
- OneNote
- PCAnyWhere 8.0, 9.0, 10.0, Phonetics (SensaPhone Monitoring and Administration), PowerWare OnliNet Centro and OnliNet Vista
- Remedy
- SmartSheet
- Scripting: PowerShell, VBS, KiXtart, WMI, ADSI, WSH (WScript / CScript), VB scripting and JScript
- Solarwinds
- Splunk
- Veritas Backup Exec (Netbackup Media Servers)
- Veritas NetBackup AD Backup/Restore (GRT) - Granular Recovery Technology
- Tivoli Products ITM, Tivoli Storage Manager, Webtrends (Web Traffic Analysis), WhatsUp Gold
PROFESSIONAL EXPERIENCE
Confidential, Research Triangle Park, NC
Senior Active Directory Engineer
Responsibilities:
- Currently serving as Senior Active Directory SME and DCE (Data Center Engineer) for GTTS Cisco (on a team of 10-15 Data Center Engineers). This is my 2nd contract with GTTS over the years and I’ve returned to enhance the Directory Services that I put in place for them over 10 years ago.
- Designed and implemented a new tiered OU architecture for GTTS in two of its on-prem Active Directory forests.
- Replaced older domain controllers and upgraded to Server 2016 domain controllers
- Successfully implemented Veritas NetBackup AD Backup/Restore (GRT) - Granular Recovery Technology for two GTTS Active Directory Forests.
- Created a least privileged delegation model, AD RACI, and standardized OU architecture in preparation for Greenfield migration of all non-standard objects.
- Migrated two forests from FRS to DFS-R SYSVOL
- Implemented centralized Splunk audit collection for AD Integrated DNS and Active Directory events (as a single pane of glass to report across multiple Active Directory forests). The Splunk dashboards for AD activity report all object changes for user, group, computer, OU and GPO objects (all object creations, deletions and membership changes), alerting on specific actions.
- Created custom Schema LDIFs for our AWS managed Directory service POC project to allow new attributes to be populated and queried as needed. Educated staff on how to query attributes.
- Coordinated and resolved multiple firewall port issues that were affecting the directory services: port exhaustion, AD replication issues, etc.
- Reconfigured AD Sites and Services to better reflect network changes that took place over prior years. Identified missing AD subnets and implemented a process where the networking team notifies the AD team of subnet decommissions and additions.
- Educated other DCEs on GPO best practices
- Cleaned up older unneeded GPOs
- Performed multiple Metadata cleanups (including entire orphaned trees)
- Implemented Veritas NetBackup (GRT) Granular Restore Technology capabilities for all AD Forests
- Implemented solution to resolve NTP time drift issues.
- Reverse engineered and enhanced existing AD delegations throughout existing OU structures.
- Designed new tiered architecture to replace multiple over-privileged domain admin credentials with tiered and rightsized, role-based delegations per AD stakeholder team.
- Prepared and presented architectural designs to gain stakeholder agreements and adjust as needed during architectural vetting sessions.
- Created and implemented custom PowerShell scripts to report object counts and cleanup stale objects across separate domains.
- Worked with Network and security architects to implement VIP configurations to front-end LDAP services for enclave, iDMZ and xDMZ domain controllers.
- Created and published standard RBAC practices documentation to educate DCE team on proper AD Group usage (single level nesting).
- Created a series of Directory Service statistical reports (using PowerShell) for AD object reporting that assist with object cleanup and maintenance.
- Automated daily, weekly and monthly AD health checks.
- Maintained standard naming conventions
- Managed backups and restores of domain controllers and directory objects
- Created and managed all directory service infrastructure
- Provided complete architecture, creation, and management of AD forests
- Performed creation and removal of domains
- Provided day-to-day management of domain controllers
- Dealt with escalations and changes during non-core business hours
- Performed delegation of authority (as requested) to allow appropriate (least privileged) object administration
- Created, designed and maintained the delegation model to allow consistent, auditable least privileged access within the directory
- Developed and participated in peer reviews
- Disaster recovery planning of DCs, Directory objects and Schema
- Collaborated and communicated with all AD stakeholders as needed
- Executed change requests as needed
- Provided expertise pertaining to the design and implementation of enterprise access and authentication (Active Directory, LDAP, SSO)
- Support of PingFederate, Multi-Factor integration
- Domain Controller health / uptime / backups
- Performed Group Policy Object (GPO) administration, troubleshooting, and management
- Implemented / integrated enterprise level solutions
- Installed and managed security reporting tools used to monitor changes to the Active Directory
- Kept informed about domain-wide changes (attended and participated in related meetings)
- Maintained the security and integrity of all forest schemas
- Managed FSMO roles, trusts, Kerberos KDCs, replication topology, etc.
- Managed / implemented and removed trust relationships as needed
- Monitored compliance with AD policies and standards
- Monitored / reported privileged directory service changes
- Monitored connectivity, synchronization, replication, netlogon, time services, FSMO roles, schema, NTDS database partitions, DNS settings, SRV records, and trust relationships
- Responsible for the overall security and reliability of all forests
- Implemented any/all modifications to forest schemas
- Performed change management and responded to incident management / service requests as needed
- Planned and managed migrations and upgrades related to AD or the DCs
- Provided automation via PowerShell and vbs scripting
- Provided OU admins assistance as needed
- Resolved security situations at all levels of domain to ensure availability and stability of the domain
- Resolved technical issues of projects and explored alternate designs when needed
- Reviewed and managed DC event logs (planned and implemented corrective actions as needed)
- Standardized and Secured remote administration of the Domain Controllers and member servers using User Rights Assignment local policy and Restricted Access Group Policy.
- Trained and coached other AD stakeholder team members to ensure appropriate usage of the directory service
- Worked with server and data owners on a daily basis for all things directory service related.
Confidential, Raleigh, NC
Global Infrastructure
Responsibilities:
- Served as 3rd level advanced support for Global Active directory infrastructure (international).
- Successfully right-sized (least privileged) 22 separate Active Directory domains as part of a large multi-company acquisition.
- Assisted in migration of 20k+ identities/objects to our new Greenfield (Red-Forest design concept).
- Decommissioned two large multi-domain forests.
- Personally implemented a least privileged delegation model and standardized OU architecture
- Reverse engineered delegations, allowing us to replace 100s of over-privileged Domain Admin level credentials with rightsized, role-based and tiered delegations.
- Used the newly implemented least privileged delegation model to improve in multiple areas of change management to include group policy in all the environments and delegated control to business units.
- Personally wrote and implemented custom PowerShell scripts to allow consistent attribute sync and automation across the separate domains (a major part of preparation for migration into the new Greenfield Red forest model).
- Personally wrote and published a series of daily LDAP object statistical reports using PowerShell, allowing the business to quickly and easily determine specific areas of interest, including 30-60-90 object reporting for password age, mapped account attributes, last logons and many other daily reports that assisted our migrations internationally.
Confidential, Raleigh, NC
Active Directory Engineer
Responsibilities:
- Served as an AD sharp shooter on the Optum Active Directory AE (Acquired Entity) project.
- Deep dive support of Acquired Entity LDAP/Active Directory Infrastructures.
- Prepared recently acquired company LDAP/directories for integration / dual-ACL migration into our existing AD forest. This involves rigorous object cleanup and standards enforcement to include flattening of deep nested groups and proper attribute population.
- Coordinated, attended and led daily project meetings with various AD stakeholders throughout the AE (acquired entity) integration process.
- Provided technical training to IT staff and end-users.
- Served as a technical resource regarding all LDAP / Active Directory support issues.
- Assisted all junior engineering teams with advanced troubleshooting and diagnosis.
- Wrote, tested, and implemented scripts (PowerShell, Visual Basic (VBS), WMI, ADSI, LDAP) in order to perform routine and repetitive tasks associated with LDAP/AD troubleshooting and maintenance.
Confidential, Durham, NC
Senior Active Directory Architect & Engineer
Responsibilities:
- Functioned as lead for Active Directory, providing oversight on daily activities, setting priorities, functioning as mentor, helping with problem escalation, and communicating significant problems or issues.
- Provided recommendations for additional growth and expansion of the Active Directory infrastructure along with technical specifications and requirements
- Created custom AD PowerShell scripting/automation routines for all LDAP administrative tasks.
- Designed, deployed and managed Active Directory security configurations, Authentication Methods, Kerberos, role-based access, and Advanced GPO policy administration.
- Responsible for Installing, configuring, and trouble-shooting components of the Active Directory infrastructure
- Windows 2003/2008/2012 Active Directory infrastructure design, configuration, migration, documentation, process updates, and knowledge transfer.
- Responsible for configuration and interoperability of 3rd party tools for management of AD environments (Quest/Dell), and Active Directory security policy implementations and audits
- Created and documented Active Directory change management processes, developed procedures for the Active Directory environment changes.
- Oversaw the Active Directory Schema Management.
- Prepared and oversaw technical staff and end-user training and operations documentation
- Work with the Active Directory/Messaging team lead to develop policies, procedures, and standards related to the Active Directory infrastructure.
- Functioned as technical resource regarding Active Directory issues to administrators, programmers, web developers, network security engineers, database analysts, network team, and implementation teams.
- Personally led the architectural transformation of Confidential’s customer’s multi-forest, multi-domain Active Directory Enterprise environments and OU structure overhaul to allow for least privileged delegation throughout. Removed/mitigated the previous need for over 100 domain admins on the account.
- Successfully re-designed the customer’s OU architecture to allow a least privilege delegation model, a standardized object naming convention and new AD operating procedures used by multiple AD stakeholder teams including Information Security, Distributed Intel, Linux, and the identity and access management support teams.
- Successfully extended the customer’s DMZ domain across multiple AD sites.
- Provided consultation as well as training to multiple AD stakeholder teams including Information Security, Distributed Intel, Linux, and the identity and access management support teams, directory services and IAM (Identity and Access Management) support staff.
- Provided design and day to day operational support to Confidential as well as Confidential’s customer departments including Information Security, ID administration and their Oracle Identity Team.
- Served as highest escalation support platform for problem determination and resolution for Windows Active Directory issues for all of the customer’s multiple forests and domains.
- Assisted the Windows Operations and Windows Engineering teams with advanced OS troubleshooting and diagnosis.
- Write, test, and implement scripts (PowerShell, Visual Basic (VBS), WMI, ADSI) in order to perform routine and repetitive tasks associated with AD troubleshooting and maintenance.
- Assisted Intel team to standardize all aspects of server build automation using Group Policy.
- Assisted customer in consolidation of their separate forests into their new self-managed Active Directory infrastructure.
Confidential, Raleigh, NC
Senior Active Directory Architect & Engineer
Responsibilities:
- Operational and architectural transformation of Confidential’s (multi-forest) Active Directory Enterprise environments across North and South Carolina.
- Served as lead AD engineer, architect and consultant for all Directory Services and integration.
- Personally re-architected the enterprise Active Directory environments to include a distributed OU architecture utilizing a least privilege delegation model, a standardized object naming convention and new AD operating procedures used by the directory services and identity and access management support teams.
- Provided consultation and training for directory services and IAM (Identity and Access Management) support staff to include daily direction and guidance of Active Directory best practices and standard operational procedures while considering the bank’s unique environment. Created Information Security Active Directory Standards and Security Guidelines.
- I personally designed/architected the internal DNS architecture and enterprise namespace for a DNS project. The design would utilize hybrid Active Directory integrated DDNS zones and delegations forwarding to an InfoBlox top-level root zone.
- Lead Active Directory engineer, architect and consultant for the AD migration kickoff effort.
- Designed and architected the bank’s Active Directory environments to include complete overhaul of OU architecture, implementation of a distributed least privileged delegation model to include Production, non-production and proof of concept test Active Directory environments.
- Provided day to day consultation and operational support to the bank’s Identity and Access Management team.
- Designed, implemented and supported Information Security’s WSUS (Windows Server Update Services) environment in support of INFOSEC’s self-supported servers.
- Played a lead role in the design and secure implementation of Information Security’s PAR / TPAM Solution (Quest Password Auto-Repository / Total Privileged Access Management).
- Maintained and supported the health and availability of the bank’s multi-domain, multi-forest Active Directory Services (running on physical and virtual domain controllers (Hyper-V)).
- Wrote and implemented INFOSEC’s RC (Report-Card monitoring environment) used internally by INFOSEC-AD and INFOSEC-IAM teams allowing centralized reporting of managed resources.
- Played a lead role in the design and support of Directory service monitoring technologies such as Microsoft System Center, SCOM and SCCM 2007 monitoring of DS (directory services) resources.
- Provide support for problem determination and resolution for Windows Active Directory.
- Responsible for assisting in AD Disaster Recovery planning.
- Assisted the Windows Operations and Windows Engineering teams with advanced OS troubleshooting and diagnosis.
- Write, test, and implement scripts utilizing Visual Basic (VB), VBS and PowerShell in order to perform routine and repetitive tasks associated with AD troubleshooting and maintenance.
Confidential
Expert LAN / WAN Engineer, ESS Contract for SSA (OTSO / DCSI / EIB) / Public Trust Clearance
Responsibilities:
- Nationwide operational support of SSA application servers and nearly 200 Active Directory Domain Controllers throughout the SSA Enterprise.
- Design and support of Infrastructure technologies such as Microsoft System Center SCOM and SCCM 2007 R2 environments to provide complete monitoring of over 4000 Windows member servers. This System Center infrastructure is comprised of 21 servers and several management groups collecting event data from the infrastructure servers, as well as several SQL database servers, Report servers, and Data Warehousing servers.
- Provide support for problem determination and resolution for Windows 2003/Active Directory (AD) LANs including the Managed Member Servers and Domain Controllers - both software and hardware, and Windows XP/Vista workstation clients.
- Responsible for assisting in Disaster Recovery planning for the Social Security Administration’s second Support Center (SSC) in Durham NC. The SSC is a fully-functional, co-processing data center operating in concert with the (NCC) National Computer Center; together forming one of the Government’s largest civilian computer complexes housing approximately half of the Office of Telecommunications and Systems Operations (OTSO) processing environments. The SSC is operational around the clock, seven days per week, 365 days per year.
- Troubleshoot Windows 2003 and 2008 software and server hardware issues related to the operation of the SSA’s AD infrastructure.
- Utilize the designated AD monitoring solution to devise, test, implement and maintain.
- Analyze and maintain interaction of AD environment with associated products such as Exchange, MOM, SCCM and SSA’s intranet environment.
- Provide third-level support to problem records opened in Change, Asset and Problem Reporting System (CAPRS) by end-users and representatives.
- Write, test, and implement scripts utilizing Visual Basic (VB) in order to perform routine and repetitive tasks associated with AD troubleshooting and maintenance.
- Provide third level support for on-site workstations running Microsoft XP and VISTA
- Troubleshoot employee technical issues as they relate to workstations, network access, and application problems.
- Support locally installed Windows servers running Windows 2003 and 2008.