Job Specifications
Active Directory Migration to Entra ID - Contract - Hybrid Working - Hatfield - Outside IR35
About the Role
This contractor role will focus specifically on designing, planning, and executing the migration of legacy Active Directory (AD) infrastructure into Microsoft Entra ID. You will act as the subject matter expert (SME) for identity modernisation, working with cross-functional teams to ensure a secure, seamless, and low-risk migration.
You’ll be hands-on with delivery, while also providing architectural guidance, risk assessments, and mentoring of permanent team members to leave behind a sustainable, well-documented solution.
Key Responsibilities
Lead the end-to-end migration of on-premises Active Directory workloads into Microsoft Entra ID
Assess current AD environment (domain controllers, trusts, group policies, authentication flows) and design a migration roadmap
Collaborate with security architects to ensure Zero Trust principles and conditional access policies are embedded during migration
Manage migration pilots, proof-of-concepts, and phased cutovers to minimise disruption
Implement Entra ID hybrid join, password hash sync, federation (if required), and conditional access
Migrate groups, users, service accounts, and workloads from AD to Entra ID
Configure and troubleshoot authentication methods (MFA, SSO, passwordless)
Ensure DNS, DHCP, PKI and related infrastructure components align with the target Entra ID model
Develop and maintain migration automation scripts (PowerShell / REST API)
Train and upskill internal engineers on Entra ID administration and support.
About You
You’ll bring deep, hands-on expertise in Microsoft identity platforms, particularly around migrations and hybrid identity scenarios:
Microsoft Environments: Advanced knowledge of Entra ID, Windows Server, Active Directory (domain services, GPOs, trusts, replication), and Azure AD Connect
Scripting & Automation: Proven ability to automate migration and identity lifecycle tasks using PowerShell and REST APIs
Infrastructure as Code (IaC): Experience implementing Terraform for Azure identity services.
Cloud & Security: Familiarity with Zero Trust, Conditional Access, MFA, PKI, and secure identity architecture
Experience in large-scale AD forest/domain consolidation projects
Knowledge of hybrid environments (Azure AD Connect Cloud Sync, federation, or migration off ADFS)
Strong troubleshooting skills across DNS, DHCP, networking, and authentication flows
Exposure to Google Workspace or cross-identity migrations is a plus
About the Company
Caraffi is a talent acquisition advisory specialising in:
- operational excellence
- brand and experience
- technology and data
We equip TA Leaders with the data and insights to become more strategic and impactful.
And design TA strategies that transform their businesses into data-driven, purpose-led and inclusive employers of choice.
Know more