Microsoft Active Directory Architect

Company cultures & job summary

Our client is looking for a Microsoft Active Directory Architect and SME to lead the design, implementation, and securing of enterprise directory services within defence-grade, high-assurance environments. You'll need deep hands-on AD architecture experience and the ability to operate at both strategic and technical levels.

Working Patterns and location – Fully on site

·        Lead the architecture, design, and evolution of on-premises Microsoft Active Directory environments.

·        Act as technical SME for AD, providing expert guidance on best practices, policies, and standards.

·        Design and implement secure AD structures including domains, forests, trusts, and replication strategies.

·        Develop and enforce Group Policy strategies aligned with security and operational requirements.

·        Define and implement tiered administration models, privileged access controls, and PAM tooling integration.

·        Conduct health checks, security assessments, and remediation planning across AD environments.

·        Produce and maintain comprehensive design documentation including HLDs, LLDs, and operational runbooks.

·        Engage directly with Tech Leads, Programme Managers, and on-site customers to support delivery.

·        Proven experience in a senior Active Directory Architect or SME role.

·        Deep hands-on knowledge of multi-domain and multi-forest AD environments.

·        Strong experience designing and implementing Group Policy, DNS, and DHCP in enterprise environments.

·        Solid understanding of identity security including tiered admin models, least privilege, PAWs, and PAM tooling.

·        Knowledge of authentication protocols including Kerberos, NTLM, LDAP, SAML, and OAuth.

·        Experience with PowerShell scripting and automation for AD management tasks.

·        Ability to produce high-quality HLDs, LLDs, security architecture docs, and operational runbooks.

·        Strong stakeholder engagement and communication skills in secure, customer-facing environments.

The client would also like to see some of the below, but this is not essential:

·        Experience working within the Defence and/or Aerospace sector.

·        Familiarity with MOD policies, JSP series standards, and NCSC security guidance.

·        Microsoft certifications such as Identity and Access Administrator or Windows Server.

·        CISSP, CISM, or equivalent security certifications.

·        TOGAF or equivalent architecture framework qualification.

·        Experience integrating AD with enterprise SIEM and security monitoring tooling.

Our client is committed to providing a diverse and inclusive workplace and welcomes applications from all backgrounds.

Part-time opportunities/flexible working is available to suit individual needs.

Please note that the client has determined that the off-payroll working rules will apply to this assignment and therefore this contract will be run through an Umbrella Company. Income tax and primary national insurance contributions will be deducted at source from any payments made to the intermediary.

RECOMMEND A FRIEND: If you have professional friends/colleagues who would be interested in one of our roles and our excellent levels of service too, we'd like to recognise your recommendations with a 'thank you' of our own. For every friend you refer who then starts a role through Datasource either Contract or Permanent, we will send you £200 of Love to Shop Gift Vouchers & gift your friend £100 in Love to Shop Gift Vouchers as well!

You will be required to hold a minimum of DV Clearance. If you do not hold an active DV Clearance, please familiarise yourself with the vetting process before applying.

(c) Copyright Datasource Computer Employment Limited 2026.