Job Description :
Domain Controllers Level:


Maintains security and integrity of schema
Oversees modifications to schema
Full disaster recovery plan and practice of schemaEnterprise Administrator
Creation and management of the forest
Overall security and reliability of the forest
Creation and removal of domains
Management of trust relationship with test and ALS domains
Full disaster recovery plan and practice of trustsDomain Administrator
Creation and management of directory infrastructure
Includes FSMO roles, trusts, Kerberos KDCs, replication topology, etc.
Creation of all top-level OU hierarchies with subOUs, groups, and appropriate security permissions. This includes adding the OU Admins to the AddComputers group, Group Policy Creator Owners group, and OU Admins mail list. It also includes setting appropriate permissions on the created objects
Monitor and reporting associated with the reliability and security of the domain
Use the domain admin account only for actions that require the privilege level of this account
Monitoring changes to domain root and domain controllers OU to ensure unauthorized changes do not occur
Day-to-day management of domain controllers
Monitoring connectivity, synchronization, replication, netlogon, time services, FSMO roles, schema, NTDS database partitions, DNS settings, SRV records, and trust relationships
Review DC event and security logs and take corrective actions
Monitor and resolve security situations at all levels of domain to ensure stable and secure domain
Domain Controller Management
Physical security of the domain controllers in IT Division space and oversite for all domain controllers
Backups and restores on domain controllers
Full disaster recovery plan and practice of DCs and core Directory objects
Policy monitoring and compliance
Apply and enforce LBL standard naming conventions for objects in the domain
Comply with LBL AD Change and Configuration Management (CCM) requirements
Comply with LBL AD policies and standards as defined on the AD Web Site
Monitor compliance with LBL AD policies and standards as defined on the AD Web Site, including change management
Verify LBL AD Change and Configuration Management (CCM) requirements are implemented by OU Administrators
Communication and coordination
Arbitrate disputes between OU Admins
Provide OU Admins assistance when requested
Participate in ADAC
Coordination with CPP to ensure the LBL domain is secure
Comply with all CPPM orders regarding emergency conditions
Coordinate with Institutional Services to help them implement SSO, metadirectory, and other IS initiatives
Coordinate the use of the test domain by OU admins and others that need to model processes before they are deployed to the production LBL domain
Participate in OU Admin meetings as needed
Work collectively with the OU administrators
Secure remote administration of the DCs and member servers managed by the Infrastructure Group
Manage group policy at root of domain and for Domain Controllers OU
Creation, testing, and management of GPOs intended to be used by multiple OU Admins
Manage the Users and Computers Containers
Install and manage security reporting tools used to monitor changes to the Active Directory
Delegate monitored data and elevated privileges to others as needed
Create and maintain the test domain as a reasonable approximation of the production domain
Coordinate and configure alarm distribution to OU Admins for OU-related events
Plan and manage all migrations and upgrades related to the AD or the DCs
Verify new software deployments and GPO policies work by testing them in the Primus test domain as appropriate




OU Level:


Ensure overall security and integrity of their managed OU hierarchy
Use the OU admin account only for actions that require the privilege level of this account
Monitoring changes to OU hierarchy to ensure unauthorized changes do not occur
Delegation of authority to others for appropriate object administration in their OU hierarchy
Account management
Creation/deletion/management of objects, i.e. local user accounts, groups, workstations, servers, printers, etc. in their OU hierarchy
Regularly perform housekeeping duties to keep OU hierarchy clear of stale, unused, expired, and objects no longer needed
Process requests for access control authorized by data owner
Process requests for group drive mappings via login script
Create new computer accounts and join to directory services
The OU administrator will designate which administrators have "account operator" access to the Windows user accounts for users in their department.
These account operators will have privileges that let them make changes to a subset of attributes for the accounts in their OU
This subset of attributes includes Windows-centric information like home directory location, profile location, terminal server settings and other kinds of user data that isn’t replicated from the root of the LBL domain
Group Policy Object (GPO) administration, troubleshooting, and management
Publishing resource objects from their OU hierarchy in the Active Directory as applicable
Manage Group Policy Object (GPO) links in OU hierarchy
Coordinate activities of Member Server owners
Monitor department/member server(s) performance and event logs for all member servers in their OU hierarchy not maintained by Computing Infrastructure Group (CIG)
Work with server and/or data owners to set up permissions
Policy Compliance
Comply with LBL AD policies and standards as defined on the AD Web Site
Comply with LBL AD Change and Configuration Management (CCM) requirements
Apply LBL standard naming conventions to objects in their OU hierarchy
Contact information.
Each top-level OU must contain contact information for the department to facilitate contacting OU administrators
When OU manager changes, notify the Enterprise Administrator
Verify new software deployments and GPO policies work by testing them in the Primus test domain as appropriate.
Communication and coordination
Work collectively with the domain admins and with other OU administrators
Keep informed about domain-wide changes (e.g. attend periodic meetings of the OU administrators or participate in mail lists)
Provide the following to the domain admins, when suspecting a desktop related problem stems from a change to the Active Directory or DC configuration

event description
logon name of affected user
name of affected computer
time of event
relevant warnings and errors in event logs
relevant warnings or errors displayed on screen



<br/><p style="margin:0in 0in 0.0001pt"><b>(e-Solutions provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. We especially invite women, minorities, veterans, and individuals with disabilities to apply. EEO/AA/M/F/Vet/Disability) </b></p>

<p class="MsoNormal" style="margin: 0px; color: rgb(34, 34, 34); font-family: Arial, Helvetica, sans-serif; font-size: small; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); text-decoration-style: initial; text-decoration-color: initial;"><span style="color: rgb(31, 73, 125);"> </span></p>

<p style="margin:0in 0in 0.0001pt"> </p>

<p style="margin:0in 0in 0.0001pt"> </p>

<p style="margin:0in 0in 0.0001pt"> </p>

<p style="margin:0in 0in 0.0001pt"> </p>

<p style="margin:0in 0in 0.0001pt"> </p>

<p style="margin:0in 0in 0.0001pt"> </p>

<p style="margin:0in 0in 0.0001pt"> </p>

<p style="margin:0in 0in 0.0001pt"> </p>

<p style="margin:0in 0in 0.0001pt"> </p>

<p style="margin:0in 0in 0.0001pt"> </p>

<p style="margin:0in 0in 0.0001pt"> </p>

<p style="margin:0in 0in 0.0001pt"> </p>

<p style="margin:0in 0in 0.0001pt"> </p>

<p style="margin:0in 0in 0.0001pt"> </p>

<p style="margin:0in 0in 0.0001pt"> </p>

<p style="margin:0in 0in 0.0001pt"> </p>

<p style="margin:0in 0in 0.0001pt"> </p>

<p style="margin:0in 0in 0.0001pt"> </p>