Active Directory & Azure Specialist in Reading

The Active Directory Specialist plays a pivotal role in supporting, maintaining, and enhancing a complex hybrid identity services environment that spans both On‑Prem Active Directory and Entra (Azure Active Directory). Operating within a high‑security, fast‑paced public‑sector setting, the role requires delivering expert 2nd/3rd line technical support while also contributing to long‑term service transformation, infrastructure modernisation, and operational automation initiatives. You will work at the centre of enterprise identity and access management, ensuring stability, security, and performance across critical directory services including AD DS, Group Policy, ADFS, AD Connect, PKI, and a broad range of supporting technologies.

This includes managing domain controllers, maintaining DNS/DHCP integrity, overseeing Group Policy design and deployment (including AGPM), and supporting authentication and federation services across tightly controlled environments. The role is highly technical and demands rigorous troubleshooting skills, deep protocol‑level understanding, and the ability to diagnose complex issues across interconnected systems and multi‑layered identity architectures.

In addition to BAU service delivery, the Active Directory Specialist contributes significantly to project work, including design and installation of new systems, obsolescence remediation, configuration enhancements, and security‑driven platform improvements. You will collaborate closely with architects, service leads, and project managers to define, document, and implement scalable solutions using industry best practices, Microsoft security models, and modern automation approaches.

The role supports both Agile and ITIL Continuous Service Improvement principles, ensuring that new workflows, processes, and service models are structured, resilient, and aligned to evolving business and security requirements. A major element of the role is maintaining a strong customer‑focused mindset. You will be expected to work directly with customer representatives, internal DXC teams, and senior IT leadership to communicate technical challenges, propose solutions, and build trust‑driven relationships.

This demands excellent communication skills, documentation capabilities, and the confidence to work independently without direct supervision. You will use enterprise knowledge tools, share expertise within the engineering community, and contribute to a culture of continuous learning and improvement. The position requires adaptability, initiative, and a willingness to innovate—identifying opportunities to automate, optimise, and modernise identity services to ensure long‑term platform stability and compliance.

The Active Directory Specialist must also be committed to maintaining the highest security standards, particularly within environments requiring DV‑level clearance, where meticulous attention to detail and adherence to strict operational controls are fundamental. Overall, this is a strategically significant role that blends deep technical expertise with collaborative delivery, solution design, and continuous improvement—ensuring the organisation’s hybrid identity ecosystem remains secure, modern, and highly available.

• Administer and maintain hybrid identity infrastructures across on prem Active Directory and Azure Active Directory (Entra ID), ensuring secure, reliable authentication and directory services.
• Troubleshoot and optimise identity platforms including AD, ADFS, Azure AD Connect/Sync, Entra ID, and LDAP, resolving complex federation, synchronisation, and authentication issues.
• Lead Group Policy lifecycle management, including design, implementation, and controlled deployment using AGPM to ensure consistent and secure configuration baselines.
• Manage core AD infrastructure components such as Domain Controllers, FSMO roles, DNS, DHCP, Sites & Services, ensuring resilience, correct topology, and high availability.
• Implement and enforce Azure AD security controls, including RBAC, Conditional Access, MFA, Identity Protection, PIM, and other Zero Trust aligned safeguards.
• Support Azure-based platforms including Azure Virtual Desktop, Azure Storage, and policy‑driven automation using PowerShell to streamline operational tasks.
• Administer and support Windows Server environments (2016 through 2025), ensuring proper patching, performance, and service reliability.
• Manage Public Key Infrastructure (PKI) and certificate‑based authentication, including lifecycle operations, template management, and secure issuance practices.
• Support and maintain Virtualisation Platforms in conjunction with Active Directory and domain architecture best practices.
• Contribute to the design and delivery of identity and infrastructure solutions, including installation, configuration, optimisation, and continuous service improvement initiatives.
• Produce comprehensive technical documentation, including HLDs, LLDs, operational guides, runbooks, and service model documentation for internal and customer use.
• Work within Agile and ITIL‑aligned processes to drive continuous improvement, operational consistency, and service excellence.
• Deliver clear communication and exceptional customer service, supporting both technical and non‑technical stakeholders in resolving identity and access‑related issues.
• Configure and support enterprise integrations, including Azure Enterprise Applications, ADFS‑integrated services, Single Sign‑On (SSO), and user/application provisioning for SaaS and PaaS platforms.

• 5+ years supporting hybrid AD (On Prem & Azure AD) in enterprise environments.
• Deep knowledge of Group Policy (inc. AGPM), ADFS, AD Connect, and LDAP.
• Strong grasp of Azure AD security (RBAC, Conditional Access, MFA, PIM).
• Proficiency across Windows Server 2016/2019/2022 (benefit: legacy familiarity from 2003+), DNS/DHCP, DFS, clustering, and Windows PKI.
• Operational excellence with Domain Controllers and FSMO role management.
• Azure PowerShell scripting for automation and support.
• Experience with O365/Exchange Online and Endpoint Management in identity related contexts.
• Strong documentation and communication skills; confident working directly with senior customer stakeholders.
• Familiarity with ServiceNow (Incidents, Requests, Change, Reporting).

• Azure DevOps, IaC (ARM/Bicep), CI/CD pipelines; exposure to containers/Kubernetes.
• Azure Virtual Desktop (WVD/AVD) (Nerdio beneficial), Azure Monitoring and Log Analytics.
• Broader systems knowledge: SCCM, WSUS, SCOM, AGPM, Lumensions.
• Understanding of the Microsoft Tiered Administration Model and enterprise segmentation.