WIN-02 · EXPERIENCE

I build, clean up, and run Windows Server and Active Directory

I work in the part of the environment everything else depends on: domain controllers, Group Policy, DNS, DHCP, and the file and print services people actually touch every day. I design Active Directory that makes sense, clean up the years of drift that pile up inside it, and take servers all the way from build to decommission. Every production change gets a written plan and a rollback before I touch anything.

01 · What I do

The actual work

  • Design and restructure Active Directory: OU layout, sites and services, replication, trusts, and a tiering model that actually holds up.
  • Clean up AD drift: stale accounts, orphaned objects, nested-group sprawl, and GPO conflicts nobody remembers creating.
  • Build and manage Group Policy: write, test, scope, and document GPOs so settings land where you expect and nowhere else.
  • Stand up and maintain DNS and DHCP: zones, scopes, conditional forwarders, reservations, and the records that quietly break things when they rot.
  • Run file and print services: shares, NTFS permissions, DFS namespaces, quotas, and print queues without the mystery.
  • Handle full server lifecycle: build, patch, harden, monitor, and decommission, with PowerShell doing the repetitive parts.
  • Document what exists, so the next person and the next audit aren't guessing.

02 · What you get

What you are left with

  • An Active Directory you can explain: clear OU and group structure, no orphaned junk, written down.
  • Group Policy that does exactly what it says, with conflicts resolved and scoping documented.
  • DNS and DHCP that are correct and current, so name resolution and addressing stop being a guessing game.
  • Servers built, hardened, or retired on schedule, without surprise outages.
  • A clean handoff: documentation, the scripts I used, and a record of what changed and why.

03 · Tools and knowledge

What I work with here

04 · How I approach it

Planned, scoped, and owned

Before I touch production we have a 30-minute scoping call, and I send back a written fit assessment the same day so we both know what we're dealing with. From there I write a documented change plan with a rollback, and I don't make the change until that plan and the rollback are agreed. Cutover happens inside a defined window, validated against gates we set up front, and I own the rollback if a gate fails. For AD and GPO work that means I test against a real picture of what's deployed, not assumptions, because the domain is the thing everything else leans on.

Credentials and standards

I build and harden to published standards: DoD STIG and SCAP for Windows Server and Active Directory baselines, NIST 800-53 for control mapping, with CompTIA Security+ behind the security calls. Because AD is where attackers go to escalate, I design it with MITRE ATT&CK techniques in mind rather than bolting security on afterward.

05 · Questions

Good questions, straight answers

Can you clean up Active Directory without breaking what's working?

Yes. I assess the current state first, then change in stages with a rollback for each step. Stale objects and bad group nesting come out carefully, not in one risky sweep, and nothing hits production without a written plan.

Do you work with hybrid or Entra ID setups?

My core is on-prem Windows Server and AD DS. I handle hybrid sync and the connection to Entra ID where it's part of the picture. If you need a deep, cloud-first identity build, I'll tell you that up front instead of pretending otherwise.

Can you handle a domain controller migration or a clean decommission?

Yes. I build the new DCs, verify replication and FSMO roles, move services like DNS and DHCP deliberately, then demote and retire the old server inside a defined window with validation gates.

06 · Related experience

Adjacent work I do

Need this handled?

Tell me what you are trying to move and where it is stuck. A few sentences is plenty to start, and it goes straight to my inbox.