Microsoft Architect - Active Directory Separation (Fully Remote on W2)

Job Posting Template

World Wide Technology is looking for a Microsoft Architect - Active Directory Separation (Fully Remote role). This role is part of WWT s Strategic Resourcing services and is a contract role. The candidate will be supporting a WWT customer and will be employed by one of WWT s preferred partners. The partner will provide full compensation and benefit information prior to employment with the partner.

Job Title: Microsoft Architect - Active Directory Separation
Job Location: Remote (EST Hrs)
Job Mode: Remote
Employment Type: Contract
Duration: 3- 6 months with possible extension

Rate/Salary: A reasonable estimate of the current pay range for this position is $65.00 to $75.00 hourly. Actual pay will be based on a variety of factors, including shift, location, experience, skill set, performance, licensure and certification, and business needs, and will be set by your employer. The range for this position in other geographic locations may differ. Certain positions may also be eligible for variable incentive compensation, such as bonuses or commissions, that is not included in base pay.

Job Description:
World Wide Technology (WWT) is seeking a Microsoft Architect - Active Directory Separation for a 4-6 month contract position based in East Time Zone as part of our Strategic Resourcing Services and staff augmentation efforts.

In this role, the selected consultant will work directly with a WWT client, supporting their internal team and business objectives. While WWT facilitates the position, the consultant will be employed by one of WWT s preferred partner organizations, which will provide complete details regarding compensation and benefits before employment.

We are seeking a highly experienced and results-driven Microsoft Architect for a critical, accelerated project to separate our corporate infrastructure from our product infrastructure within Active Directory. This is a contract role with a target completion date of November 2025, ideally sooner. The ideal candidate will possess deep expertise in Active Directory, Azure/Entra ID, and cloud-native migrations, demonstrating a proven track record of successfully leading complex identity and access management projects.

Project Goal & Context
The primary objective of this engagement is to completely separate our corporate Active Directory environment from our product Active Directory. This separation is crucial for mitigating mutual risks between corporate and product systems, reducing operational overhead for our product team, and enabling independent business growth.

Currently, we operate a single domain (gordian.com) synced to a Fortive tenant, supporting approximately 900 users and 1200 computers. Our company is fully remote with headquarters in Greenville, SC. All core business applications utilize SAML SSO through Azure, and external customers do not authenticate via Active Directory.

The strategic decision has been made to move corporate users to a cloud-native setup (Azure/Entra ID), leaving the product AD standalone and unlinked to Azure AD. The product team will manage the cleanup of remaining corporate integrations post-separation.

Responsibilities
The Microsoft Architect will be responsible for the end-to-end execution of the Active Directory separation project, including but not limited to the following phases and activities:

1. Assessment & Discovery
Conduct a comprehensive inventory of existing domains, users, devices, security groups, Group Policy Objects (GPOs), and all Active Directory dependencies.
Perform a thorough evaluation of current Active Directory health, security posture, and application integrations to identify potential challenges and opportunities.
2. Architecture & Planning
Design a robust, secure, and scalable cloud-native Azure/Entra ID architecture specifically tailored for approximately 900 corporate users and 1200 corporate computers.
Develop a detailed, phased migration plan incorporating Zero Trust security principles, conditional access policies, and identity governance best practices.
Lead resource, timeline, and risk planning efforts, ensuring alignment with project goals and obtaining stakeholder review and approval.
3. Environment Preparation
Oversee and execute the setup of the new Azure AD tenant, including hybrid identity configurations (if deemed necessary during assessment, though cloud-native is preferred), and implement Entra governance.
Perform comprehensive compatibility testing for critical applications, user authentication flows, and device policies to ensure seamless migration.
Develop and implement migration automation scripts to streamline the transition process.
Contribute to the development of clear and effective user communication plans to minimize disruption.
4. Migration Execution
Manage and execute the phased migration of corporate users and devices to the new Azure/Entra ID environment.
Configure Single Sign-On (SSO) for all relevant corporate applications and ensure proper policy enforcement.
Actively monitor, troubleshoot, and resolve any issues that arise throughout the migration process.
Provide expert support for the cloud-only transition, including strategic planning for the decommissioning of legacy on-premises Active Directory components.
5. Post-Migration Optimization
Validate successful migration completion and verify the proper enforcement of all new policies.
Develop and deliver user training materials, comprehensive documentation, and facilitate knowledge transfer to internal teams.
Establish recommendations for ongoing monitoring, alerting, and long-term support of the new cloud-native environment.
Evaluate the necessity of on-premise domain controllers given our fully remote workforce and advise on decommissioning where appropriate.

Required Skills & Qualifications
Deep Expertise in Active Directory: Extensive experience with Active Directory design, implementation, and management, including GPOs, trusts, replication, and security best practices.
Azure/Entra ID Mastery: Proven expertise in Azure Active Directory (now Entra ID), including tenant setup, hybrid identity (AAD Connect), user/group management, conditional access, MFA, PIM, and identity governance.
Cloud-Native Migration Experience: Demonstrated success in migrating on-premises Active Directory environments to cloud-native Azure/Entra ID solutions, particularly for organizations with a remote workforce.
Security Acumen: Strong understanding of Zero Trust principles and their application in identity and access management.
Scripting & Automation: Proficiency in PowerShell for Active Directory and Azure AD automation.
Application Integration: Experience with integrating various applications using SAML SSO and other modern authentication protocols.
Project Management Skills: Ability to plan, organize, and execute complex technical projects with tight deadlines, managing risks and communicating effectively with stakeholders.
Analytical & Problem-Solving: Exceptional ability to diagnose complex technical issues and propose effective solutions.
Communication: Excellent verbal and written communication skills, with the ability to articulate technical concepts to both technical and non-technical audiences.
Independent & Proactive: Self-starter wh can work effectively with minimal supervision and drive projects to completion.

Desired Qualifications
Microsoft Certified: Azure Solutions Architect Expert, Microsoft 365 Certified: Enterprise Administrator Expert, or relevant security certifications.
Experience in a fully remote work environment.

Project Timeline
This is a critical and fast-paced project.
The successful candidate must be able to hit the ground running and commit to completing the entire scope of work by November 2025.
If you are a highly skilled Microsoft Architect looking for an impactful, short-term engagement, we encourage you to apply.

Equal Opportunity Employer Minorities/Women/Veterans/Differently Abled