Active Directory (SME) - AD Architect Resume
SUMMARY
- Over 20+ years of IT experience and in academics, specializing in server administration in various environments: Windows 2000-2019 with Active Directory Services, O365, Azure, Azure AD and Azure AD Connect, AWS
- Install, configure, troubleshoot Azure AD Connect, configure and customize synchronization rules, build hybrid Azure AD environment, sync on-premises objects (users, groups, devices) to Azure AD.
- Convert federated domain to managed domain, enable single sign-on, pass-through authentication, password hash sync, password writeback, device sync, etc.
- Configure MFA with modern auth methods like SMS, FIDO key, OTP auth app code, etc.; configure Azure AD Security, Conditional Access, named locations, whitelisted IP ranges, self-service password reset (SSPR) configuration and implementation.
- O365 administration, Exchange mailbox setup, tenant-to-tenant mailbox migration, troubleshooting mailbox-related issues, proxy, contacts, GAL attributes, auto-provisioned various licenses (O365, M365, Project, Visio, etc.), DLP policy setup, external email restriction setup, etc.
- Integrated and configured many enterprise applications like AWS SSO, Cisco VPN, Summit tool, more than 100 various apps (SAML, SCIM).
- Analysis of sign-on and audit logs, troubleshooting of users' account auto-lockouts and various issues
- IAM in Azure AD: Azure AD account creation, password reset, group creation and assignment by using PowerShell scripts, provisioning users and groups to enterprise apps.
- Azure Intune: configure MDM policies, migrate MDM from O365 to Azure Intune, device management from Intune, packaging applications, pushing various packages, policies and scripts from Intune to end user devices, patch deployment from Intune, Autopilot and White Glove, etc.
- AD on AWS: shared and managed AD creation in AWS, building trust relationships between shared and AWS AD (in different AWS tenancies), health checks, day-to-day Active Directory (on-premises) activities
- An Active Directory SME designing, implementing changes, troubleshooting and supporting an enterprise-wide Windows Active Directory environment composed of a multi-forest environment with different trusts, a multiple-domain environment, multiple domain consolidations and retirements, Sites and Services, site replication, domain controllers holding different FSMO roles, DNS troubleshooting, a user base of 150,000 accounts and a Windows server count of 2,000 running different flavors of Windows operating systems such as Windows 2019, 2016, 2012 R2 and Windows 2008 R2. Involved in architecting domain solutions such as domain consolidation and trust creation at both forest level and domain level.
- Hands-on experience with DNS, DHCP, DFS, GPOs, OU, RDP, ADFS, DFSR, and AD authentication protocols Kerberos, NTLM, LDAP, LDAPS.
- Built AD on DMZ, joined 400+ servers of different flavors (Linux, Unix, Windows), firewall port opening, NTP server configuration, implementation of rules for AD on DMZ, IAM, built trusts, etc.
- Experienced in designing, implementing and evaluating applications, systems and utilities relevant to Active Directory Domain services.
- Profound experience in administration of user accounts, groups, resources, security and backup strategies on Windows Servers
- Implemented in-place OS upgrades from Windows Server 2008 R2 (Enterprise and Standard) to Windows Server 2012 R2 to 2016
- Experienced in stale object cleanup and metadata cleanup by using NTDSUTIL
- Monitoring Active Directory replication status and the health of DCs, and troubleshooting.
- Expertise in Active Directory design and support (Group Policy Objects (GPO), Active Directory (AD) schema, organizational units (OU), LDAP, Sites, replication, AD hardening, user drive mappings, BitLocker, etc.)
- Experience in raising the domain functional level from Windows Server 2003 to 2008 to 2012 R2.
- Deploy and manage public CA certificates, DigiCert certificate issuance and applying various certs
- Design and configure event forwarders and collectors for a large number of servers
- Design and configure print servers, push through GPO to multiple locations, conditional deployment.
- Design and configure DFS namespaces, replication, file shares
- Worked with various file servers like Panzura File share, NTFS file server
- Assess RAP report and implement critical fixes
- Metadata cleanup, Orphan object cleanup by using NTDSUTIL
- OKTA: integration and disconnection of various applications, sync on-prem users to Azure via OKTA, license provisioning, MFA configuration, etc.
- Worked with Azure IAM, SailPoint IAM, Saviynt IAM, Okta IAM
- Design and implemented ADFS
- Design and implemented SCCM
- Resolved various BeyondTrust, CrowdStrike, WSS (Symantec security), Cisco ISE, SEP, Securonix issues
- Involved in architecting, implementing and supporting disaster recovery efforts: built DR DC in cloud, VM-level backup, snapshots, System State backup, bare metal backup.
- Hands-on experience with Patch Management Plus (PMP tool): design, configure and implement distribution server and PMP cloud tool, create network boundaries, integrate domain and workgroup devices, install PMP agents on all devices, create deployment policies, approve patches and deploy patches to all servers and end user devices as per deployment policy.
- Configure WSUS server and patch all servers and end user devices: Windows 2008, 2012 R2, 2016, 2019; end user devices XP, Win 7, Win 8, Win 10
- Manually patch all domain controllers by downloading cumulative updates and various vulnerability patches from the Microsoft Catalogue portal.
- Architected and implemented migration plans, provided various solutions to clients based on the company's current AD structure, legacy applications, print server, DFS, Azure AD, OKTA, MDM, DNS, etc.
- Expertise in migration using Quest Migration Manager and ADMT Tool 3.2 for Active Directory.
- Expertise in migrating users, groups, workstations and Windows servers from source domain to target domain.
- Cross-forest migration of users with roaming profiles, groups, devices (forest to forest with a single O365 tenant), cross-forest migration with multiple tenants (tenant-to-tenant mailbox migration)
- During migration phase: worked with application testing, troubleshooting of various apps like ODBC 32-bit and 64-bit, Crystal Reports, Informatica, HR apps, bank apps, Citrix server, Ebcars, EII, EBPS, Tibco, DB2, etc.
- Good understanding of network technologies and common network equipment functions (switches, routers, APs, distribution boxes, VPCs, breakout switches, MX250, MX100, proxies, load balancers, IP protocol suites)
- Ticketing: experienced in various ticketing systems like ServiceNow, Symphony Summit, HPSM, etc. to create and resolve Incidents, SRs, SARs and CRs (change requests).
TECHNICAL SKILLS
VMware: vSphere, VMware ESXi 6.x, VMware Converter, VMware Update Manager, HA, DRS, DPM, Hyper-V, vMotion, etc.
Operating System: Windows Server NT 4.0/2000/2003/2008/2008 R2/2012/2012 R2/2016/2019, Windows XP/Vista/7/8/10
Server Hardware: Dell PowerEdge, HP, VNX, IBM servers, HPE 8000 3PAR storage, HP P6500 EVA, EVA 6500
Networking Protocols: TCP/IP, WINS, DHCP, DNS, DDNS, SNMP, SMTP, Ethernet 10/100/1000, WAN/LAN routing, routers, switches
Backup Software: WbAdmin, Symantec Backup Exec, AOMEI Backup, Symantec Ghost
Applications: MS Office 365 and all lower versions, MS Visio, Microsoft Exchange Server 2003/2007/2010, Office 365
Scripting: PowerShell, Java, VB
Programming: Database programming using C#, VB and Crystal Reports as frontend, Oracle and SQL DB as backend (ODBC, OLEDB); can develop full life-cycle applications.
Database admin: SQL DB, Oracle DB
Web design: Web design using C#, JavaScript, ASPX, HTML, CSS, WYSIWYG, Photoshop, Adobe Flash, etc.
Hardware Knowledge: Repair of desktops, Windows-based laptops and Apple laptops
PROFESSIONAL EXPERIENCE
Confidential
Active Directory (SME) - AD Architect
Responsibilities:
- Created various architectural designs and presented them to the client for the AD migration plan, provided live demo of hybrid Azure AD and Azure AD migration approach
- Migration approach:
  - Disconnected OKTA sync engine
  - De-federated domain and converted to managed domain
  - Installed and configured Azure AD Connect and kept two sync engines (OKTA and AADC) side by side
  - Configured SSO and password hash sync
  - Provisioned automated O365 licenses and made sure all emails are accessible, all O365 apps are working fine, OneDrive files are still accessible
  - Configured auto-fill of mS-DS-ConsistencyGuid with objectGUID, verified ImmutableID and cloudsourceID
  - Migrated MDM from O365 to Intune
  - Migrated users by using ADMT with passwords (live demo provided, migration in progress)
  - Automated various attribute updates, provisioning and de-provisioning by using PowerShell scripts
  - Synced with Azure AD and auto-provisioned M365 E5, Visio, Project, etc. licenses
  - Made sure that after migration OKTA-integrated apps are still accessible, and all O365 applications are still accessible including Outlook emails and OneDrive files
- Integrated various enterprise applications with Azure AD, assign application to various users based on AD groups
- Integration of Panzura with AWS
- AD server build (Win 2019), QA server build, promote and demote domain controllers across the forest and domain level
- Configured event forwarders (50+ servers) by pushing GPO and configured event collector
- Various application testing (ODBC, DB2, AWD, Encore, Citrix, Crystal Reports, Clienteer, 32-bit and 64-bit applications, 50+ apps) as part of user migration.
- DFS file share migration
- Provided solution to replace legacy print server with cloud-based print server (PrintLogic modern technology) or direct IP mapping solution based on DNS
- Implemented and managed GPO to secure the Active Directory Environment
- Create group policy and apply to OU, enforce GPO
- Responsible for managing and administration of many servers across multiple forests and domains
- LAPS implementation (Local Admin Password)
- Azure AD configuration, Hybrid Azure AD Join, Conditional Access policy definition, MFA trusted list config, MFA off-net policy definition, auditing users and checking unauthorized user logon activity and taking necessary steps to protect AD, guest user assignment.
- Designing and implementing Active Directory and network fundamentals protocols such as TCP/IP, DNS and Group Policy.
- Creating PowerShell scripts in relation to Office license activation / revoking licenses, group creation and adding members to groups,
- Fileshare and assigning rights (read/write/owner)
- And many more
- Daily replication monitoring and export to a logfile
- Domain controller health check and export to logfile
- Event viewer error log and fix accordingly
- LDAP port (SSL port 636 open), applied root CA certificate and end entity cert (third-party DigiCert)
- Sites and services update
- Metadata cleanup, Orphan object cleanup by using NTDSUTIL
- Ticketing system (Symphony Summit, HPSM): create change request, implement change into production, resolve incidents (tickets) as per user requests, support/fix O365 license issues, mailbox issues, Skype issues, password sync, etc.
- Created organizational units and provided delegation with necessary permissions according to the business unit of a large enterprise Active Directory environment.
- Troubleshooting user and tenant provisioning in Office 365
- DR plan and implementation (DR DC, System State Backup, Bare Metal Backup, Snapshot, VM level backup)
- Worked on AD hardening to secure multiple forests and domains through GPOs.
- Design and implementation of PMP (Patch Management Plus) distribution server, configure PMP cloud agent, deployment of approved patches as per deployment policy.
Environment: Windows Server 2019, O365, Azure AD and AAD Connect, Okta, Intune Connector, print server, DFS, Panzura, various applications
Confidential
Active Directory Engineer (SME) - AD team lead
Responsibilities:
- AD server build (Win 2019), QA server build, AD on DMZ server build for SAP, highly secure file server build, promote and demote domain controllers across the forest and domain level
- Experience in moving FSMO (flexible single master operation) roles across forest and domain.
- Raised forest functional and domain functional level to Server 2016 across forest and domain level
- Implemented and managed GPO to secure the Active Directory Environment
- Create group policy and apply to OU, enforce GPO
- Responsible for managing and administration of 400 servers across multiple forests and domains
- LAPS implementation (Local Admin Password)
- WMI configuration for Palo Alto network
- Server patching (manual patching)
- Azure AD configuration, Hybrid Azure AD Join, Conditional Access policy definition, MFA trusted list config, MFA off-net policy definition, auditing users and checking unauthorized user logon activity and taking necessary steps to protect AD, guest user assignment.
- Hands-on experience in designing and implementing Active Directory and network fundamentals protocols such as TCP/IP, DNS and Group Policy.
- Managed and administered AD DNS (forward lookup zones, reverse lookup zones, conditional forwarders, etc.).
- Creating PowerShell scripts in relation to Office license activation / revoking licenses, group creation and adding members to groups,
- Fileshare and assigning rights (read/write/owner); created automated evergreen process to stop sync with Azure, revoke O365 license, remove from GAL and eSearch for terminated employees and reverse if a terminated employee is reinstated; auto daily report creation sent by mail for newly created users and all AD users, auto daily report generation for Oracle backfeed, and many more
- Daily replication monitoring and export to a logfile
- Domain controller health check and export to logfile
- Event viewer error log and fix accordingly
- LDAP port (SSL port 636 open), applied root CA certificate and end entity cert (third-party DigiCert)
- Sites and services update
- Manual DNS entry to create SRV record and provide permission over SRV (KMS server)
- Ticketing system (ServiceNow): create change request, implement change into production, resolve incidents (tickets) as per user requests, support/fix O365 license issues, mailbox issues, Skype issues, password sync, etc.
- Created organizational units and provided delegation with necessary permissions according to the business unit of a large enterprise Active Directory environment.
- Troubleshooting user and tenant provisioning in Office 365
- Support to SCCM for their imaging project (Macbook and Laptops), VPN cert, PKI cert, SMIME cert
- Created and converted shared mailboxes in Office 365.
- Establish file permission, group policies, and network security policies in an Active Directory environment.
- Created/modified user account, security groups, and distribution list to protect company proprietary information.
- Worked on AD hardening to secure multiple forests and domains through GPOs.
- Migrated servers like application servers, SQL servers, cluster nodes, service accounts and user accounts from source domain to target domain using Quest Migration Manager and ADMT
- Worked with engineers and vendors for build of new Active Directory, Exchange and network environment
- Active Directory Migrations using Manager and PowerShell scripting (creation and modification).
- Inter-Forest User Migrations / Active Directory Infrastructure & Enterprise Solutions. Responsible in assisting Architects in implementing Active Directory.
- Rebuild of Active Directory under architect’s security designs. Build Domain Controllers and Member Servers to support Enterprise Solutions. Configure Active Directory Server Roles (CAs, IIS, File/Print, DNS).
- Manage and troubleshoot Lightweight Directory Access Protocol authentication for applications.
- Pinpoint and diagnose directory problems using in-depth troubleshooting diagnostics available to domain administrators.
Environment: Windows Server 2016, O365, Azure AD on-prem and cloud, Exchange Server, Active Directory, Remote Desktop Services, DMZ server