Infrastructure Specialist Active Directory & Identity

Active Directory: the identity backbone of the enterprise

Active Directory (AD) is the foundation of enterprise identity — centralizing how users authenticate, how policy applies, and how access to resources is granted across the network. When it’s current and well-documented, everything built on top of it — mail, file shares, conditional access, single sign-on — inherits that stability.

Hybrid Identity

On-Premises AD ⇄ Entra ID

Directory objects sync from on-premises Active Directory to Entra ID, so users authenticate once and get single sign-on across cloud and on-prem resources — without keeping two identity stores in sync by hand.

Diagram of hybrid identity architecture showing on-premises Active Directory synchronized with Microsoft Entra ID

Six components, one identity plane.

Core Infrastructure Roles

Six AD roles working together.

[DC]

Domain Controller

Authenticates and authorizes every sign-in on the network. Fleet upgraded to Windows Server 2025, with functional levels raised where compatible.

[AD-DS]

AD Domain Services

The primary data store for the directory — every user, group, and computer object — plus the authentication protocols that read and write against it.

[ENTRA-ID]

Microsoft Entra ID

Cloud identity and access management, extending on-prem AD into the cloud. Recent work included a 6.3 TB tenant-to-tenant migration covering 270+ users with no loss of access.

[AD-CS]

Certificate Services

Issues and manages the internal PKI hierarchy — certificates for server encryption, authentication, and signing — tracked so nothing expires unnoticed.

[AD-FS]

Federation Services

Extends single sign-on to external applications and partner organizations through federated trust, without duplicating credentials.

[AD-RMS]

Rights Management

Applies usage policies and persistent encryption directly to sensitive documents and email, so protection travels with the file even outside the network.

