We are seeking a Senior Active Directory Architect to support the design, modernization, and standardization of directory services across a complex hybrid enterprise environment.
This role focuses primarily on Active Directory architecture in a multi-domain hybrid landscape. The successful candidate will help define and implement the strategic direction for Active Directory and its integration with Microsoft Entra ID, establishing a secure, scalable, and maintainable model across multiple countries and environments.
The position combines architectural design, technical leadership, and hands-on expertise to improve the current platform, remediate legacy issues, and support modernization initiatives across SYNLAB.
While the primary focus is on on-premises Active Directory and hybrid identity, the role also requires solid understanding of Microsoft 365 identity dependencies, particularly Microsoft Entra ID, Exchange hybrid, and identity-related integration points with endpoint management.
Required skills and experience
- Strong experience designing and operating enterprise Active Directory environments.
- Experience working in large, complex AD environments (multiple domains, trusts, or distributed environments).
- Deep knowledge of AD domain architecture, OU structure and delegation models, Group Policy architecture, authentication and identity security.
- Ability to analyze legacy environments and define practical remediations.
- Deep knowledge of directory synchronization (Entra ID Connect/Cloud Sync).
- Solid understanding of Microsoft Entra ID administration beyond synchronization, including authentication methods, hybrid identity design, and identity-related access controls.
- Experience with Exchange hybrid identity dependencies, including recipient-related Active Directory attributes and operational considerations.
- Good understanding of identity dependencies for Microsoft Intune and Entra-joined / hybrid-joined devices.
- Experience with identity lifecycle automation and provisioning flows across HR systems, Active Directory, and Microsoft Entra ID.
- Strong troubleshooting capabilities in complex identity infrastructures.
- Ability to handle both architectural topics and deep technical issues.
- Ability to work independently, drive delivery end-to-end, and follow through to completion.
- Clear communication skills (technical topics to mixed audiences) and solid documentation habits.
- Exposure to broader Microsoft 365 services and their dependency on hybrid identity design.
- Knowledge of identity governance or privileged access solutions.
Example deliverables in the role
- Active Directory current-state architecture documentation covering domains, trusts, OU structure, delegation model, and Group Policy design.
- Technical review and validation of the target Active Directory architecture proposed by an external project partner.
- Implementation roadmap translating architecture recommendations into prioritized technical work for the team.
- Standardized enterprise design for Active Directory structure, including OU hierarchy, delegation model, and Group Policy architecture.
- Technical guidelines and implementation standards for integrating Active Directory with Microsoft Entra ID and maintaining reliable directory synchronization.
- Architecture principles and operational standards for Active Directory and hybrid identity environments.
- Active Directory resiliency review covering backup scope, restore preparedness, and forest recovery readiness.
Working style
- Proactively identifies risks, structural weaknesses, and improvement opportunities, and drives them through to practical implementation.
- Works effectively in complex and ambiguous environments, bringing structure, priorities, and clear technical direction.
- Translates architectural concepts into actionable next steps and supports delivery through the internal engineering team.
- Balances strategic design with hands-on pragmatism, ensuring solutions are supportable and realistic in the operational environment.
- Thinks in systems: understands dependencies across Active Directory, hybrid identity, infrastructure, and security, and designs accordingly.
- Challenges assumptions and proposed solutions constructively, including from external partners, to ensure technical quality and long-term maintainability.
- Promotes standardization, resiliency, and reduction of technical debt without losing focus on operational stability.
Active Directory Architecture
- Assess and document the current Active Directory landscape across multiple environments.
- Define and implement target architecture and standards for Active Directory.
- Improve OU structures, delegation models, tiering, and Group Policy design.
- Address architectural inconsistencies and legacy configuration issues.
Identity Stabilization and Remediation
- Lead remediation of architectural weaknesses, security findings, and legacy Active Directory issues.
- Troubleshoot complex directory and authentication issues across domains and hybrid environments.
- Drive improvements in directory design, authentication, and operational resilience.
- Strengthen Active Directory resiliency, recovery preparedness, and restore processes.
Hybrid Identity and Microsoft 365 Integration
- Ensure reliable integration between Active Directory and Microsoft Entra ID.
- Support and improve directory synchronization architecture, troubleshooting, and operational stability.
- Contribute to standards for authentication, administration, and lifecycle processes across hybrid identity.
- Provide architectural input into identity-related dependencies across Microsoft 365, particularly Microsoft Entra ID, Exchange hybrid, and endpoint identity integration with Intune.
- Support design decisions affecting access, device identity, and cloud-connected provisioning.
Technical Leadership
- Act as the technical authority for Active Directory within the Workplace team.
- Provide technical guidance to the team.
- Support identity-related architectural decisions across infrastructure projects.
Collaboration
- Work closely with infrastructure and application teams across the organization.
- Align directory and hybrid identity design with broader infrastructure and security initiatives.
- Support technical workshops and coordination with country IT teams where required.