Microsoft Server & Azure IaaS Administrator (AD/GPO/IIS)Remote
Description:Diversified Systems is searching for a Microsoft Server & Azure IaaS Administrator to assist with the management of Windows Server, Active Directory, Group Policy, IIS, and Azure IaaS resources. This role will be responsible for day-to-day operations, security hardening, automation, and high-availability support across on-premises and cloud environments. This position will partner closely with network, security, and application teams to ensure reliable service delivery and continuous improvement.
Responsibilities:- Configure and maintain Windows Server (2016-2025); manage roles/features (AD DS, DNS, DHCP, Client, File Services), patching, performance tuning, and capacity planning.
- Configure and support IIS websites and applications, including application pools, bindings, SSL/TLS certificates, URL Rewrite/ARR, security hardening, and log analysis; optimize availability and performance.
- Manage Azure VMs, VM Scale Sets, disks/storage, Azure Files, VNETs, subnets, NSGs/ASGs, Load Balancer/App Gateway, Bastion; implement backup (Azure Backup), DR (Azure Site Recovery), monitoring/alerts (Azure Monitor), and cost governance.
- Maintain domain health and replication; manage OU structure, users, groups, GMSAs, service accounts, and delegated permissions; troubleshoot authentication/Kerberos/NTLM issues.
- Use native tools and platforms (Event Viewer, PerfMon, Azure Monitor, Log Analytics) to proactively detect and resolve issues impacting availability, performance, or security.
- Design, implement, and maintain GPOs for security baselines, server configurations, and compliance; perform impact testing and change control.
- Apply CIS/Microsoft security baselines, TLS configurations, vulnerability remediation, endpoint hardening, and log review; partner with security for audits and incident response.
- Build PowerShell scripts/modules to automate routine tasks (provisioning, patching, reporting) and Infrastructure-as-Code deployments.
- Produce and maintain SOPs, diagrams, inventories, and runbooks; follow ITIL change/incident processes; contribute to knowledge base.
- Serve as escalation point for server/web platform issues; coordinate with application owners on deployments, certificates, and integrations.
- Lead or support upgrades, migrations, re-platforming, and cloud adoption initiatives; drive standardization and modernization.
- Provide answers and documentation, and implement changes required as part of IRS audit findings.
Requirements:- 7 years of experience administering Windows Server, Active Directory, Group Policy, and IIS in mid-to-large enterprise environments required.
- Group Policy design and troubleshooting (RSOP, GPMC, GPResult) required.
- Windows Server (2016-2025), AD DS, DNS, and restores required.
- IIS configuration, SSL/TLS, bindings, application pools, URL Rewrite/ARR, and logging required.
- Azure IaaS (VMs, VNETs, NSGs, Load Balancer/App Gateway, Azure Backup/ASR, Azure Monitor, Log Analytics) required.
- PowerShell scripting (automation, modules, REST/Graph, CLI) required.
- Azure Administrator Associate (AZ-104) certification required.
- Windows Server Hybrid Administrator Associate (AZ-800/AZ-801) certification required.
- Azure Network Engineer (AZ-700) highly desired.
- Experience with MCM/ConfigMgr, WSUS, Defender for Cloud, Sentinel, Splunk/ELK, ServiceNow, or Jira required.
- Solid understanding of TCP/IP, DNS, routing, VPN, firewall rules, load balancing, and private endpoints required.
- Familiarity with .NET application hosting, SSO (SAML/OIDC), App Gateway/WAF, certificate pinning, and mutual TLS required.
- Experience with Bicep/ARM/Terraform, DSC, or Ansible; Azure Policy/Blueprints required.
- Strong documentation, change control, and incident/problem management (ITIL) required.
- Experience with Azure DevOps server-side configurations highly desired.
- Clear communication skills, collaboration skills, organizational skills, and the ability to prioritize across multiple stakeholders and deadlines required.