Active Directory Consultant - NHS (Outside IR35)

Active Directory - Infrastructure Engineer - AD - AD Engineer - Active Directory EngineerActive Directory Migration Specialist (Contract)Location: Fully RemoteContract Type - OUTSIDE IR35Duration: 6–12 monthsRole OverviewWe are looking for an experienced Active Directory Migration Specialist to join a complex enterprise identity transformation programme. This is a hands-on contract role requiring a well-rounded technical professional who can operate across Active Directory migration, hybrid identity, security, application analysis, and testing.You will play a key role in ensuring the secure and seamless migration of users, devices, applications, and authentication services across on-premises and cloud environments.

Key Responsibilities

• Active Directory Migration
• Lead end-to-end delivery of Active Directory migration activities across source and target environments
• Plan and execute migration of users, groups, devices, and identity objects
• Work with migration tooling including ADMT, ForensiT Corporate Edition, and Quest Migration Manager
• Troubleshoot Kerberos authentication issues and manage SPN dependencies
• Produce detailed runbooks, cutover plans, rollback procedures, and technical documentation
• Azure / Identity Engineering
• Support hybrid identity integration using Entra ID (Azure AD) and Azure AD Connect
• Configure and troubleshoot MFA solutions (Duo, Microsoft Authenticator)
• Implement and validate Conditional Access policies
• Ensure secure authentication and access continuity throughout migration phases
• Security & PKI
• Assess and support PKI dependencies, including AD CS and certificate trust chains
• Validate NTAuth, NPS/RADIUS services, and certificate templates
• Align solutions with tiered administration and privileged access models
• Identify and remediate security risks impacting users, devices, and services
• Application & Business Analysis
• Perform application dependency mapping for migration-impacted services
• Analyse authentication methods (LDAP, Kerberos)
• Engage stakeholders across business and technical teams
• Facilitate workshops to capture application ownership, risks, and migration readiness
• Testing & QA
• Support migration testing, rollback validation, and pilot deployments
• Execute access validation scripts and verify authentication outcomes
• Coordinate UAT activities and produce clear test evidence
• Validate access, permissions, and application functionality post-migration

Essential Skills & Experience

• Strong experience delivering Active Directory migration projects in enterprise environments
• Expertise in Kerberos authentication and SPN management
• Hands-on experience with ADMT, ForensiT, Quest Migration Manager, SCCM, Intune
• Proven knowledge of Entra ID, Azure AD Connect, and Conditional Access
• Experience with MFA platforms (Duo, Microsoft Authenticator)
• Solid understanding of PKI, AD CS, NTAuth, NPS/RADIUS, and certificate management
• Experience in application dependency mapping and authentication analysis (LDAP/Kerberos)
• Strong background in migration testing, UAT coordination, and validation scripting
• Excellent troubleshooting, documentation, and stakeholder engagement skills

Desirable Experience

• Previous experience on large-scale enterprise migration or transformation programmes
• Strong understanding of hybrid Microsoft environments and identity security models
• Ability to work independently across infrastructure, security, and business domains

Key Deliverables

• Active Directory and identity migration plans, runbooks, and cutover documentation
• Security and PKI assessments with remediation actions
• Application dependency maps and stakeholder outputs
• Test plans, rollback evidence, and UAT documentation

Apply today for immediate start