Active Directory Engineer

A client of Insight Global is seeking an Active Directory Engineer to join their Cloud Infrastructure / Identity team. This is an engineer-level, hands-on role (not an architect-only position). You’ll step into a large, complex on‑prem Active Directory environment that has grown over many years and includes legacy domains from past acquisitions/mergers. The environment is hybrid (on‑prem AD integrated with Entra ID) and needs stabilization, modernization, and cleanup.

This role is ideal for someone who enjoys “getting into the weeds,” improving imperfect systems, and helping shape how the environment should operate going forward. The team is looking for an engineer who is comfortable with ambiguity, enjoys problem-solving, and is excited to help re-engineer and optimize identity infrastructure.

Key Responsibilities:
• Clean up, stabilize, and improve an existing enterprise Active Directory environment.
• Support and execute Active Directory migration and optimization efforts across workstations, servers, and applications with minimal disruption.
• Troubleshoot and remediate complex AD issues, including replication, DNS, schema, trusts, domain controllers, GPOs, and legacy performance problems.
• Assess AD health and drive improvements across multi‑domain and multi‑forest environments.
• Support hybrid identity operations, including on‑prem AD integration with Entra ID and directory synchronization tooling.
• Build and maintain PowerShell automation to improve AD health, compliance, and operational consistency.
• Implement and reinforce tiered security / tiered administration practices, least‑privilege access, and auditing standards.
• Collaborate with cross‑functional teams to assess dependencies, mitigate risk, and execute changes in a controlled manner.
• Partner with IAM stakeholders to support governance workflows and understand how SailPoint integrates with AD for access lifecycle management (joiner/mover/leaver, provisioning, deprovisioning).

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

• 7+ years of hands‑on Active Directory engineering experience in enterprise environments.
• Strong experience working in multi‑domain and multi‑forest Active Directory environments, including domain controllers, trusts, schema, Group Policy Objects (GPOs), FSMO roles, replication, and advanced troubleshooting.
• Proven Active Directory migration experience using tools such as ADMT, Quest migration tooling (or similar), and PowerShell‑based migration and support scripting.
• Experience supporting hybrid identity environments, with Active Directory integrated with Entra ID, including exposure to Entra ID (Azure AD), Azure AD Connect and directory synchronization concepts, and identity federation tools as applicable.
• Strong PowerShell automation skills focused on operational improvements and repeatable engineering outcomes.
• Proven experience leveraging Active Directory migration tools, including Quest Migrator Pro (MPAD) and/or Binary Tree solutions
• Solid understanding of Active Directory security and controls, including least‑privilege access, auditing, and security hardening practices.
• A hands‑on, “roll up your sleeves” mindset with comfort working in environments that are mid‑improvement and not perfectly documented.

• Experience with identity governance tools (strong preference for SailPoint) and understanding of how governance integrates with AD.
• Familiarity with tiered security model concepts (Tier 0/1/2 administration patterns).
• Experience supporting environments impacted by M&A, legacy consolidation, or recovery from migration issues.
• Exposure to:
○ Windows Server 2016+
○ Azure infrastructure and/or Intune
○ Monitoring / AD tooling (e.g., SolarWinds, ManageEngine)
○ ITSM tools (ServiceNow) and Agile tooling (Jira)

• Relevant certifications: Microsoft identity-focused certifications or equivalent experience.

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.