Job Summary/Basic Function: Position Summary: The Sr. Active Director Administrator provides day to day Active Directory support and serves as the Active Directory authority. The administrator will implement and maintain system policies that apply to services, computers, and servers for ensuring the security of technology environment. Administration includes, but is not limited to, planning, designing, and maintaining the Active Directory infrastructure including group policies, Azure integration, and domain management.
Duties and Responsibilities:
Oversees and ensures that identity and access management infrastructure is running optimally and effectively.
Maintains knowledge of Microsoft product roadmap. Plans, develops, and integrates MS AD roadmap into enterprise architecture.
Provides support and maintenance for Active Directory Federation Services (ADFS).
Utilizes automation tools and techniques, such as PowerShell, to streamline identity and access procedures.
Perform Active Directory and SYSVOL backups, manages Active Directory offline, optimizes the Active Directory database, cleans up metadata, configures Active Directory snapshots, performs object- and container-level recovery, performs Active Directory restore, configures and restores objects by using the Active Directory Recycle Bin.
Creates and configures Service Accounts, creates and configures Group Managed Service Accounts, configures Kerberos delegation, manages Service Principal Names (SPNs).
Automates the creation of Active Directory accounts; creates, copies, configures, and deletes users and computers; configures templates; performs bulk Active Directory operations; configures user rights; offline domain join; manages inactive and disabled accounts.
Configures group nesting; converts groups, including security, distribution, universal, domain local, and domain global; manages group membership using Group Policy; enumerates group membership; delegates the creation and management of Active Directory objects; manages default Active Directory containers; creates, copies, configures, and deletes groups and OUs.
Serves as a point of contact for technical identity issues and general governance of the use of the organization's identity infrastructure.
Participates in ongoing and new IT and business partner initiatives requiring identity and access management solutions.
Leads efficiency improvements by recommending process changes as well as developing solutions to automate and orchestrate repeatable tasks for IAM.
Fosters close working relationships with staff and management to ensure the secure architecture and operations for applications and infrastructure.
Creates work plans, test plans and coordinates testing activities. Documents process diagrams, data flow diagrams, flow charts, data maps and data dictionaries, as appropriate. Creates documentation and check lists for internal processes. Updates operations and user documentation as needed.
Provides before, after hours and weekend support for migrations, updates, fixes and issues, as needed.
Adhere to published standards and procedures, such as naming conventions, migration processes, upgrade processes, change management procedures and all State, system and local policies and procedures.
Provide accurate estimates to ensure reasonable target dates. Meet target dates. Communicate revised estimates and target dates to customers in a timely manner.
Provide before, after hours and weekend support for migrations, updates, fixes and issues, as needed.
Work closely with the Service Desk to provide excellent customer service and support.
Update tickets and review periodically to determine trends demanding improvement.
Participates in a planned program of professional development - keep abreast of new technologies and make recommendations on how these may be utilized within the organization.
Attend technical training, workshops, seminars, meetings and other trainings, as required.
Contribute ideas and suggestions in team discussions
Prepare regular status reports for manager
Performs other duties as assigned
Reports to: Technical Application Manager
Minimum Qualifications: Qualifications and Experience:
Education and Experience: Bachelors degree in computer science, management information technology, computer technology, information technology, or related field and five (5) years of progressively responsible information technology and/or identity and access management experience; or any equivalent combination of education, training and experience.
Knowledge, Skills, and Abilities required: Thorough understanding of DNS, roles, Authoritative vs Recursive servers, record types, zones, zone transfers, etc. Thorough understanding and experience with core Active Directory Infrastructure, such as creating sites, site replication, DHCP, FSMO roles and their functions Experience creating and securing Group Policy. Experience with Active Directory administration / automation through PowerShell. Experience with, and thorough understanding of ADFS PKI operational experiences (user certificates, auto-enrollment) Familiarity with SCCM, SCOM, automation tools like Chef and/or Puppet Understanding of Identity Governance principles particularly provision service providers (PSP). Familiarity with AD security concepts including privileged access workstations (PAW), AD tier models. ITIL knowledge Strong knowledge and experience in the upgrade and maintenance of a university-wide Active Directory environment. Strong experience in AD best practices Proficient knowledge of Active Directory integration with Office 365 & Microsoft Azure. Working knowledge of various office related software such as MS Word, Excel, PowerPoint, Visio, and Project. Strong analytical and troubleshooting skills. Strong customer service skills. Strong organizational, written, verbal and interpersonal communications skills. Must be able to work with and communicate with people of various knowledge levels from the very technical to the casual user. Ability to set priorities and follow project schedules. Ability to develop and manage a project.
Preferred Qualifications: The preferred candidate will have: Security+ Relevant MCSA certifications: Server 2012, 2016, Windows 10 Relevant MCSE certifications: Core Infrastructure, Productivity Experience with Identity Lifecycle Management and user provisioning/de-provisioning. Experience with Directory service implementation and integration for identity data consumption by applications and systems. Experience with Azure AD and Office 365. Experience with Multi Factor Authentication such as Duo security integration into the authentication, authorization, and single sign on process for applications and systems. Demonstrate ability to think objectively and creatively, focusing not only on details, but accurately comprehending larger issues and being able to accurately and clearly communicate the relation between both. Demonstrate the ability to analyze applicability and fit-gap of 3rd party products, upgrades and maintenance releases against business requirements. Experience developing and documenting processes.
Security Sensitive Statement: This position is security-sensitive and thereby subject to the provisions of the Texas Education Code 51.215, which authorizes the employer to obtain criminal history record information.
Lamar University is an affirmative action/equal opportunity employer. It is the policy of Lamar University not to discriminate on the basis of non-relevant criteria including, but not limited to race, color, religion, sex, sexual orientation, gender identity and expression, national origin, age, disability, or veteran status in its educational programs, activities, admissions or employment practices.
Copyright 2017 Jobelephant.com Inc. All rights reserved.
Home to more than 14,000 students, Lamar University is one of the fastest growing universities in Texas and is a member of The Texas State University System. LU offers more than 100 programs of study leading to bachelor’s, master’s and doctoral degrees. The 270-acre campus in Beaumont is about 90 miles east of Houston and about 25 miles west of Louisiana