Active Directory Consultant - NHS (Outside IR35)

Active Directory Consultant - NHS (Outside IR35)

Posted Today by Totaljobs

Negotiable
Outside
Remote
North West London (NW1)

Summary: The role of Active Directory Migration Specialist involves leading the migration of Active Directory within a complex enterprise identity transformation program. This hands-on contract position requires expertise in various technical areas, including security, application analysis, and testing, to ensure a secure and seamless migration process. The candidate will be responsible for managing the migration of users, devices, and applications across both on-premises and cloud environments. The position is fully remote and classified as outside IR35.

Key Responsibilities:

  • Lead end-to-end delivery of Active Directory migration activities across source and target environments.
  • Plan and execute migration of users, groups, devices, and identity objects.
  • Work with migration tooling including ADMT, ForensiT Corporate Edition, and Quest Migration Manager.
  • Troubleshoot Kerberos authentication issues and manage SPN dependencies.
  • Produce detailed runbooks, cutover plans, rollback procedures, and technical documentation.
  • Support hybrid identity integration using Entra ID (Azure AD) and Azure AD Connect.
  • Configure and troubleshoot MFA solutions (Duo, Microsoft Authenticator).
  • Implement and validate Conditional Access policies.
  • Assess and support PKI dependencies, including AD CS and certificate trust chains.
  • Validate NTAuth, NPS/RADIUS services, and certificate templates.
  • Perform application dependency mapping for migration-impacted services.
  • Engage stakeholders across business and technical teams.
  • Support migration testing, rollback validation, and pilot deployments.
  • Coordinate UAT activities and produce clear test evidence.

Key Skills:

  • Strong experience delivering Active Directory migration projects in enterprise environments.
  • Expertise in Kerberos authentication and SPN management.
  • Hands-on experience with ADMT, ForensiT, Quest Migration Manager, SCCM, Intune.
  • Proven knowledge of Entra ID, Azure AD Connect, and Conditional Access.
  • Experience with MFA platforms (Duo, Microsoft Authenticator).
  • Solid understanding of PKI, AD CS, NTAuth, NPS/RADIUS, and certificate management.
  • Experience in application dependency mapping and authentication analysis (LDAP/Kerberos).
  • Strong background in migration testing, UAT coordination, and validation scripting.
  • Excellent troubleshooting, documentation, and stakeholder engagement skills.

Salary (Rate): undetermined

City: North West London

Country: United Kingdom

Working Arrangements: remote

IR35 Status: outside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Active Directory - Infrastructure Engineer - AD - AD Engineer - Active Directory EngineerActive Directory Migration Specialist (Contract)Location: Fully RemoteContract Type - OUTSIDE IR35Duration: 6–12 monthsRole OverviewWe are looking for an experienced Active Directory Migration Specialist to join a complex enterprise identity transformation programme. This is a hands-on contract role requiring a well-rounded technical professional who can operate across Active Directory migration, hybrid identity, security, application analysis, and testing.You will play a key role in ensuring the secure and seamless migration of users, devices, applications, and authentication services across on-premises and cloud environments.

Key Responsibilities

  • Active Directory Migration
  • Lead end-to-end delivery of Active Directory migration activities across source and target environments
  • Plan and execute migration of users, groups, devices, and identity objects
  • Work with migration tooling including ADMT, ForensiT Corporate Edition, and Quest Migration Manager
  • Troubleshoot Kerberos authentication issues and manage SPN dependencies
  • Produce detailed runbooks, cutover plans, rollback procedures, and technical documentation
  • Azure / Identity Engineering
  • Support hybrid identity integration using Entra ID (Azure AD) and Azure AD Connect
  • Configure and troubleshoot MFA solutions (Duo, Microsoft Authenticator)
  • Implement and validate Conditional Access policies
  • Ensure secure authentication and access continuity throughout migration phases
  • Security & PKI
  • Assess and support PKI dependencies, including AD CS and certificate trust chains
  • Validate NTAuth, NPS/RADIUS services, and certificate templates
  • Align solutions with tiered administration and privileged access models
  • Identify and remediate security risks impacting users, devices, and services
  • Application & Business Analysis
  • Perform application dependency mapping for migration-impacted services
  • Analyse authentication methods (LDAP, Kerberos)
  • Engage stakeholders across business and technical teams
  • Facilitate workshops to capture application ownership, risks, and migration readiness
  • Testing & QA
  • Support migration testing, rollback validation, and pilot deployments
  • Execute access validation scripts and verify authentication outcomes
  • Coordinate UAT activities and produce clear test evidence
  • Validate access, permissions, and application functionality post-migration

Essential Skills & Experience

  • Strong experience delivering Active Directory migration projects in enterprise environments
  • Expertise in Kerberos authentication and SPN management
  • Hands-on experience with ADMT, ForensiT, Quest Migration Manager, SCCM, Intune
  • Proven knowledge of Entra ID, Azure AD Connect, and Conditional Access
  • Experience with MFA platforms (Duo, Microsoft Authenticator)
  • Solid understanding of PKI, AD CS, NTAuth, NPS/RADIUS, and certificate management
  • Experience in application dependency mapping and authentication analysis (LDAP/Kerberos)
  • Strong background in migration testing, UAT coordination, and validation scripting
  • Excellent troubleshooting, documentation, and stakeholder engagement skills

Desirable Experience

  • Previous experience on large-scale enterprise migration or transformation programmes
  • Strong understanding of hybrid Microsoft environments and identity security models
  • Ability to work independently across infrastructure, security, and business domains

Key Deliverables

  • Active Directory and identity migration plans, runbooks, and cutover documentation
  • Security and PKI assessments with remediation actions
  • Application dependency maps and stakeholder outputs
  • Test plans, rollback evidence, and UAT documentation

Apply today for immediate start