the Active Directory and Identity Architecture at its core, but explicitly integrates the dual nature of this role: a heavy-hitting, deep-dive On-Premises Systems & Network Administrator who possesses those exact "unique" engineering skills (SQL infrastructure, PKI, Firewalls, Teams Voice) alongside the expected M365/Intune cloud toolkit.
The Senior Active Directory & Infrastructure Migration Architect will be the technical lead for complex transition and consolidation projects. This role bridges the gap between deep, legacy on-premises systems engineering and modern cloud-native identity architecture.
We are seeking a candidate with a strong foundation as a Senior On-Premises Systems Administrator who excels in managing and migrating foundational infrastructure—specifically Active Directory, Windows Server environments, SQL Server workloads, and Enterprise Certificate Authorities (PKI). Beyond identity, this position requires hands-on ownership of the "unique" infrastructure elements crucial to a successful migration: networking topology, firewall routing, and legacy-to-cloud Teams Phone System deployments, while seamlessly managing modern M365, hybrid synchronization, and Intune environments.
- Directory Restructuring: Lead complex cross-forest migrations, domain consolidations, mergers, and divestitures. Manage SID history mapping, object routing, and schema extensions.
- GPO Modernization: Assess, clean up, and refactor legacy Group Policy Objects (GPOs), systematically transitioning workloads from traditional AD management to Microsoft Intune cloud-native profiles.
- Decommissioning: Safely offload and decommission legacy Domain Controllers and physical Windows Server hardware once migration parity is achieved, ensuring clean metadata cleanup.
- On-Prem SQL Mastery: Manage, maintain, and assess legacy SQL Server workloads for cloud readiness.
- Database Migration: Execute "lift and shift" operations, database detach/attach sequences, or refactoring into Azure SQL / AWS RDS, ensuring zero data corruption or permission loss during cutovers.
- CA Stability & Migration: Manage, maintain, and migrate Active Directory Certificate Services (AD CS).
- Certificate Lifecycle: Securely transition root and subordinate Certificate Authorities, ensuring that critical dependencies like RADIUS/NPS, internal web applications, and VPN machine certificates remain unbroken during server migrations.
- The Migration Bridge: Design and implement the critical network pathing required during multi-phase transitions.
- Core Routing: Configure and manage firewalls (NAT rules, access control lists), secure site-to-site VPN tunnels, and SD-WAN configurations to guarantee uninterrupted, secure connectivity between legacy on-premises branches and cloud tenants.
- Unified Communications: Lead the migration of legacy physical PBX or disparate VoIP deployments into a centralized Microsoft Teams Phone System.
- Voice Paths & Porting: Manage complex number porting processes, Direct Routing configurations, Session Border Controllers (SBCs), and Operator Connect deployments to ensure zero-downtime voice routing.
- Hybrid Synchronization: Architect and troubleshoot the critical middle ground using Entra ID Connect / Cloud Sync, resolving attribute flow issues, UPN mismatches, and hard/soft-matching anomalies.
- Tenant-to-Tenant (T2T) Migrations: Execute cloud-to-cloud identity transitions (M365/Azure/AWS) spanning mailboxes, OneDrive instances, SharePoint environments, and Azure subscription resources.
- Modern Management Rollout: Deploy Microsoft Intune and Windows Autopilot to replace traditional legacy server-side imaging, transitioning remote user devices to cloud-native management.
- Systems Administration: Expert-level Windows Server administration (2012 through 2025), AD DS, DNS, DHCP, and virtualization stacks (Hyper-V / VMware).
- Database & PKI: Strong proficiency in SQL Server maintenance/querying and AD CS certificate lifecycle management.
- Network & Security: Deep knowledge of networking protocols, firewall routing, NAT, and secure perimeter defense.
- Voice Engineering: Proven experience deploying Teams Voice paths, cloud auto-attendants, call queues, and SIP trunking.
- Cloud Ecosystem: Robust hands-on experience with the M365 suite, Entra ID, Conditional Access, and Intune configuration.
- Migration Toolsets: Fluency with migration tools such as BitTitan (MigrationWiz), Quest Migration Manager, AvePoint, or native cloud replication sets.