
Active Directory (SME) - AD Architect Resume


SUMMARY

  • 20+ years of experience in IT and in academics, specializing in server administration in various environments - Windows 2000-2019 with Active Directory Services (WINS, DNS, DHCP)
  • An Active Directory SME Designing, implementing changes, troubleshooting, supporting Enterprise Wide Windows Active Directory environment composed of Multi-Forest environment with different Trusts, Multi-Forest migration and creation, multiple Domain environment, multiple domain consolidations and retirements, Sites and Services
  • Site replications, domain controllers holding different FSMO roles, DNS troubleshooting, User base accounts of 150,000 and Windows server count of 2,000 running different flavors of Windows Operating Systems such as Windows 2019, 2016, 2012 R2, Windows 2008 R2. Involved in Architecting domain solutions such as domain consolidation and trust creations both Forest level and Domain level.
  • Implemented In-Place Upgrade OS from Windows Server 2008 R2 (Enterprise and Standard) to Windows Server 2012 R2 to 2016
  • Architected and implemented migration plans, provided various solutions to clients based on the company’s current AD structure, legacy applications, print server, DFS, Azure AD, OKTA, etc.
  • Install, configure, troubleshoot Azure AD connect
  • Convert Federated domain to managed domain, enable single sign-on, password hash-sync
  • In Azure AD, configure MFA, O365 license auto provisioning, configure Azure AD -> Security -> Conditional Access -> named location, whitelist IP range, etc.
  • In Azure AD: analysis of Sign-on, Audit and troubleshooting of users’ account auto lockout and various issues
  • In Azure AD integrated various application and troubleshoot
  • Resolved various Securonix, Cisco ISE, Qualys issues
  • Resolved various BeyondTrust, CrowdStrike issues
  • Experienced in designing, implementing and evaluating applications, systems and utilities relevant to Active Directory Domain services.
  • Profound experience in administration of user accounts, groups, resources, security, and backup strategies on Windows Servers
  • Expertise in Migration Using Quest Migration Manager and ADMT Tool for Active Directory.
  • Extensive experience in deployment, migration, patching and troubleshooting of windows 2008 and 2012 R2, 2016, 2019 Domain Controllers in Active Directory.
  • Establish file permission, group policies, and network security policies in an Active Directory environment.
  • Implemented and managed GPO to secure the Active Directory Environment (AD Hardening)
  • Experienced in Stale Objects Clean up
  • Monitoring the Active Directory Replication status and the health of the Domain Controllers.
  • Active Directory Services, DNS, Lync Administration, PowerShell in a very large network.
  • Expertise in Active Directory design and support (Group Policy Object (GPO), Active Directory (AD) Schema, Organizational Unit (OU), LDAP, Sites, Replication, etc.).
  • Creating and Linking Group policies for Windows Server in AD domain.
  • Experience in raising the Domain functional level from Windows Server 2003 to 2008 to 2012 R2.
  • Expertise in creating Group Policy for User Drive Mappings, BitLocker, etc.
  • Helpful in providing support to third tier regarding client/server infrastructure and applications.
  • Expertise in Migrating Users, Groups, Workstations and Windows Servers from Source Domain to Target Domain.
  • Responsible for core Global AD Infrastructure design, integrations, migrations of regional domain and resources, design and implementations of GPO security policies on Active Directory member servers, as well as auditing the group membership design (utilizing AGDLP) as it relates to member servers.
  • Created Organizational Unit and provide delegation with necessary permissions according to the Business Unit of a large enterprise active directory environment.
  • Provided Enterprise level Active Directory Architecture, engineering, Design and Documentation of the proposal approaches
  • Deploy and manage Public CA certificates, Digicert certificate issuance and apply various certs
  • Design and Configuring Event forwarder and Collector for large number of servers
  • Design and configuring Print server, push through GPO to multiple location, conditional deploy.
  • Design and configured DFS file share, migrate DFS namespace
  • Worked with various file servers like Panzura File share
  • During migration phase - worked with application testing and troubleshooting of various apps like ODBC 32-bit and 64-bit, Crystal report, Informatica, HR apps, bank apps, Citrix server, Ebcars, EII, EBPS, Tibco, DB2, etc.
  • Assess RAP report and implement critical fixes
  • Design, recommend and deploy Active Directory Auditing and data management products such as: native AD auditing, StealthBits Stealth Audit and Dell/Quest Change Auditor
  • Involved in architecting, implementing, supporting Disaster Recovery effort and daily Windows Active Directory Administration tasks such as: Hands on scripting, creating and executing PowerShell scripts; Creation CSR and support of Certificates; Creation of users and groups; Assigning permissions to users and groups belonging to different OU structures, Creation, implementation and troubleshooting of Group Policy Objects (GPO); Maintenance of Forests and Domain Trusts; Promotion and demotion of Domain Controllers and synchronization of Domain Controllers; Troubleshoot replication related to Naming Context; Exposures to Fortinet Firewalls, McAfee Anti-Virus Software, content filtering, IDS (Intrusion Detection Systems); Involvement in planning, architecting, execution related to Windows 2008 to Windows 2012 Domain migration consisting of User objects, security groups and Computer objects.
  • Experienced in various ticketing systems like Service-Now and Symphony Summit to create and resolve Incident and CR (change request) (normal, standard, expedited, emergency).

TECHNICAL SKILLS

VMware: vSphere, VMware ESXi 6.x, VMware converter, VMware Update Manager, HA, DRS, DPM, Hyper-V, vMotion, etc.

Operating System: Windows Server NT 4.0/2000/2003/2008/2008 R2/2012/2012 R2/2016, 2019 servers, Windows XP/Vista/7/8/Windows 10

Server Hardware: Dell PowerEdge, HP, VNX, IBM Servers, HPE 8000 3PAR Storage, HP P6500 EVA, EVA 6500

Networking Protocols / others: TCP/IP, WINS, DHCP, DNS, DDNS, SNMP, SMTP, Ethernet 10/100/1000, WAN/LAN Routing, Routers, Switches

Backup Software: WbAdmin, Symantec Backup Exec, AOMEI backup, Symantec Ghost

Applications: MS Office 2000-Office 365, and MS Visio, Microsoft Exchange Server 2003, 2007, 2010, SaaS, Office 365

PROFESSIONAL EXPERIENCE

Confidential

Active Directory (SME) - AD Architect

Responsibilities:

  • Created various architectural design and presented to client for AD migration plan, provided live demo for hybrid Azure AD and Azure AZ migration approach
  • Migration Approach:
  • Disjoined OKTA sync Engine,
  • De-federated domain and converted to managed domain,
  • Install and Configure Azure AD Connect and kept two sync Engine (OKTA and AADC) side by side
  • Configure SSO and Password hash sync
  • Provisioned automated O365 licenses and make sure all emails are accessible, all O365 apps are working fine, one-drive files are still accessible
  • Configured auto-fill MS-DS-CONSISTENCYGUID with OBJECTGUID, verified Immutable ID and cloudsourceID
  • Migrated users by using ADMT with password (Live Demo provided, migration under process)
  • Automated UPN replaced with email by using script
  • Sync with Azure AD and auto provisioned O365 license
  • Make sure after migration OKTA integrated apps are still accessible, O365 all applications are still accessible including Outlook emails and One-drive files
  • Integrated various enterprise applications with Azure AD, assign application to various users based on AD groups
  • AD server build (Win 2019), QA server build, Promote and Demote Domain Controllers across the forest and domain level
  • Configure event forwarders (50+ servers) by pushing GPO and configured event collector
  • Various application testing (ODBC, DB2, AWD, Encore, Citrix, Crystal report, 50+ apps) as part of migration.
  • DFS file share migration
  • Provided solution to replace Legacy Print server with cloud-based print server (PrintLogic modern technology), or Direct IP mapping solution
  • Implemented and managed GPO to secure the Active Directory Environment
  • Create group policy and apply to OU, enforce GPO
  • Responsible for managing and administration of many servers across multiple forests and domains
  • LAPS implementation (Local Admin Password)
  • Azure AD configuration, Hybrid Azure AD Join, Conditional Access policy definition, MFA trusted list config, MFA offnet policy definition, audit users and check unauthorized user logon activity and take necessary steps to protect AD, guest user assignment.
  • Designing and implementing of Active Directory and Network Fundamentals Protocols such as TCP/IP, DNS and Group Policy.
  • Creating PowerShell scripts in relation to Office license activation / revoke license, groups creation and adding members in group, fileshare and assign rights (read/write/owner), and many more
  • Daily replication monitoring and export to a logfile
  • Domain controller health check and export to logfile
  • Event viewer error log and fix accordingly
  • LDAP port (SSL port 636 open), applied root CA certificate & End Entity cert (third party DigiCert)
  • Sites and services update
  • Ticketing system (Symphony-summit): create change request, implement change into production, resolve incident (ticket) as per users' request, support/fix O365 license issue, mailbox issue, Skype issue, password sync, etc.
  • Created Organizational Unit and provide delegation with necessary permissions according to the Business Unit of a large enterprise active directory environment.
  • Troubleshooting users and tenants provisioning in Office 365
  • Worked AD Hardening to secure the multiple forests and domains through GPOs.

Environment: Windows server 2019, O365, Azure AD and AAD Connect, Okta, Intune Connector, Print server, DFS, Panzura, various applications

Confidential

Active Directory Engineer (SME) - AD team lead

Responsibilities:

  • AD server build (Win 2019), QA server build, AD on DMZ server build for SAP, Highly Secure file server build, Promote and Demote Domain Controllers across the forest and domain level,
  • Experience in moving FSMO (flexible single master operation) roles across forest and domain.
  • Raised Forest Functional and Domain Functional Level to server 2016 across forest and domain level
  • Implemented and managed GPO to secure the Active Directory Environment
  • Create group policy and apply to OU, enforce GPO
  • Responsible for managing and administration of 400 servers across multiple forests and domains
  • LAPS implementation (Local Admin Password)
  • WMI configuration for Palo Alto network
  • Server patching (manual patching)
  • Azure AD configuration, Hybrid Azure AD Join, Conditional Access policy definition, MFA trusted list config, MFA offnet policy definition, audit users and check unauthorized user logon activity and take necessary steps to protect AD, guest user assignment.
  • Hands-on experience in designing and implementing of Active Directory and Network Fundamentals Protocols such as TCP/IP, DNS and Group Policy.
  • Managed and administered AD DNS (forward lookup zone, reverse lookup zone, conditional forwarder, etc.).
  • Creating PowerShell scripts in relation to Office license activation / revoke license, groups creation and adding members in group, fileshare and assign rights (read/write/owner); created automated evergreen process to stop sync with Azure, revoke O365 license, remove from GAL and eSearch for terminated employees, and reverse if a terminated employee is reinstated; auto daily report creation and send by mail for newly created users and complete AD users; auto daily report generation for Oracle backfeed; and many more
  • Daily replication monitoring and export to a logfile
  • Domain controller health check and export to logfile
  • Event viewer error log and fix accordingly
  • LDAP port (SSL port 636 open), applied root CA certificate & End Entity cert (third party DigiCert)
  • Sites and services update
  • Manual DNS entry to create SRV record and provide permission over SRV (KMS server)
  • Ticketing system (ServiceNow): create change request, implement change into production, resolve incident (ticket) as per users' request, support/fix O365 license issue, mailbox issue, Skype issue, password sync, etc.
  • Created Organizational Unit and provide delegation with necessary permissions according to the Business Unit of a large enterprise active directory environment.
  • Troubleshooting users and tenants provisioning in Office 365
  • Support to SCCM for their imaging project (MacBook and Laptops), VPN cert, PKI cert, S/MIME cert
  • Created and converted shared mailboxes in Office 365.
  • Establish file permission, group policies, and network security policies in an Active Directory environment.
  • Created/modified user account, security groups, and distribution list to protect company proprietary information.
  • Worked AD Hardening to secure the multiple forests and domains through GPOs.
  • Migrated Servers like application server, SQL servers, Cluster node, Service Accounts, user Accounts from source domain to the target domain using Quest Migration Manager and ADMT
  • Worked with engineers and vendors for build of new Active Directory, Exchange and network environment
  • Active Directory Migrations using Manager and PowerShell scripting (creation and modification).
  • Inter-Forest User Migrations / Active Directory Infrastructure & Enterprise Solutions. Responsible in assisting Architects in implementing Active Directory.
  • Rebuild of Active Directory under architect’s security designs. Build Domain Controllers and Member Servers to support Enterprise Solutions. Configure Active Directory Server Roles (CAs, IIS, File/Print, DNS).
  • Manage and troubleshoot Lightweight Directory Access Protocol authentication for applications.
  • Pinpoint and diagnose directory problems using in-depth troubleshooting diagnostics available to domain administrators.

Environment: Windows server 2016, O365, Azure AD on prem and Cloud, Exchange Server Active Directory, Remote desktop services, DMZ server

Confidential

Active Directory Engineer (SME)

Responsibilities:

  • Migration of Active Directory Users and Computers objects from a Windows 2003 Domain to a Windows 2008 R2 Domain using Quest migration software tools (NDS Migrator, Recovery Manager for Active Directory, Reporter, Quest Migration Manager, Change Auditor)
  • Implemented In-Place Upgrade OS from Windows Server 2008 R2 (Enterprise and Standard) to Windows Server 2012 R2
  • Consolidated multiple domains and forests.
  • Creating Powershell scripts in relation to Active Directory migration and Domain Administration
  • Promote and Demote Domain Controllers across the forest and domain level
  • Raised Forest Functional and Domain Functional Level to server 2012 R2 across forest and domain level
  • Functions as the final escalation point for technical troubleshooting
  • Experience in moving FSMO roles across forest and domain.
  • Created Organizational Unit and provide delegation with necessary permissions according to the Business Unit of a large enterprise active directory environment.
  • Troubleshooting users and tenants provisioning in Office 365
  • Configured mail flow with Office 365, set user connectivity policies for Office 365 and automated user licensing process for Office 365.
  • Created and converted shared mailboxes in Office 365.
  • Implemented and configured data loss prevention (DLP) in Office 365.
  • Configured in-place archiving to preserve email archives.
  • Configured or implemented journaling of email communications to secure a copy of all communications.
  • Defined corporate retention policies and tags for email messages in Office 365.
  • Secured Exchange by implementing online protection in Exchange online for spam filtering, anti-virus and threat management.
  • Switched over MX record in DNS settings post migration.
  • Configured auto-discover services for Office 365 post migration.
  • Verified Exchange web services and active sync functionality for Office 365
  • Establish file permission, group policies, and network security policies in an Active Directory environment.
  • Implemented and managed GPO to secure the Active Directory Environment (AD Hardening)
  • Responsible for managing and administration of 400+ servers across multiple forests and domains
  • Responsible for Public Key Infrastructure (PKI) issuance
  • Created PowerShell scripts to complete Active Directory related tasks such as checking AD health (services, uptime, replication, storage), stale objects cleanup and day-to-day provisioning of security accounts.
  • Created/modified user account, security groups, and distribution list to protect company proprietary information.
  • Worked AD Hardening to secure the multiple forests and domains through GPOs.
  • Hands-on experience in designing and implementing of Active Directory and Network Fundamentals Protocols such as TCP/IP, DNS and Group Policy.
  • Managed and administered AD DNS.
  • Migrated Servers like application server, SQL servers, Cluster Server, Application Server, Service Accounts, user Accounts from source domain to the target domain using Quest Migration Manager and ADMT
  • Worked with engineers and vendors for build of new Active Directory, Exchange and network environment
  • Active Directory Migrations using Manager and PowerShell scripting (creation and modification).
  • Inter-Forest User Migrations / Active Directory Infrastructure & Enterprise Solutions. Responsible in assisting Architects in implementing Active Directory.
  • Rebuild of Active Directory under architect’s security designs. Build Domain Controllers and Member Servers to support Enterprise Solutions. Configure Active Directory Server Roles (CAs, IIS, File/Print, DNS).
  • Manage and troubleshoot Lightweight Directory Access Protocol authentication for applications.
  • Pinpoint and diagnose directory problems using in-depth troubleshooting diagnostics available to domain administrators.
  • Respond to AD DS data calls from auditors.
  • Monitor audit changes to objects in the Active Directory.
  • Experienced in ServiceNow ticketing system to create tickets like incident tickets, change request (normal, standard, expedited, emergency).

Environment: Windows 2003/2008/2008 R2/2012, Exchange Server 2003/2007/2010/2013, VMware ESXi 5.x and ESXi 4.x vSphere, iSCSI SAN/NAS, LAN/WAN, Horizon View 6.0, Active Directory, SCCM 2012, iStore SAN, Dell PowerEdge Servers, Linux, Cisco Nexus 5k, 7k, Cisco ISE, Cisco 6500 series switches, P2V-V2V conversion, Azure, Remote desktop services, HP Blade Servers, DNS, DHCP, IIS 7.0, VUM, Planview, HPSA