How long should an Active Directory CV be?

Two pages for junior and mid-level roles. Senior architects with multi-forest migrations and a decade of experience can stretch to three pages, but only if every bullet adds value.

Do I need Microsoft certifications to get an AD role?

Not always for junior roles, but they help enormously. AZ-800/801 (Windows Server Hybrid Administrator) is the core credential recruiters scan for. If you lack experience, a certification proves you know the fundamentals and will often get you past the first filter.

Should I include Windows Server 2008 or VBScript on my CV?

Only in migration context. Leading with legacy tech dates you. Put current versions (Server 2019/2022, PowerShell, Entra ID) at the top of your skills and experience, then mention older versions when describing upgrade or migration projects.

What if I only have on-prem AD experience and no cloud?

Most employers now run hybrid environments, so pure on-prem experience reads as incomplete. If you lack hands-on cloud work, set up a home lab with Entra ID Connect, complete Microsoft Learn modules for AZ-104 or SC-300, and add a line about it in your Additional Information section.

How do I show Active Directory experience if I am changing careers?

Highlight transferable skills: scripting (PowerShell, Python), systems administration, networking (DNS, DHCP), or identity and access management. Set up a home lab with AD DS and Entra ID, complete AZ-800/801 certification, and write a personal statement that explains your motivation and readiness to specialise in directory services.

Should I include a photo or date of birth on my CV?

No. UK CVs carry neither. Including them can trigger unconscious bias and some employers will reject the CV on principle.

Active Directory CV Examples

Updated 22 June 2026

An Active Directory CV must prove you can run the tier-0 infrastructure that underpins authentication, authorisation and identity across an organisation. Recruiters scan for environment scale (user counts, domain controllers, sites), hybrid identity experience (Entra ID, SSO, MFA) and Microsoft certifications. This guide shows you how to write an Active Directory CV that passes ATS filters and wins interviews in 2026.

Active Directory CV examples

Junior Active Directory Administrator

entry

Leads with current tech (Server 2019, Entra ID, PowerShell) and quantifies the environment scale, avoiding legacy skills that date the CV.

Riley Sample

Junior Active Directory Administrator

Email:

riley.sample@example.com

Phone:

+44 7700 900123

Location:

Manchester, UK

LinkedIn:

https://www.linkedin.com/in/rileysample

Summary

Active Directory administrator with two years supporting a 3,500-user hybrid environment. Proficient in user provisioning, Group Policy management and PowerShell automation. Holds Windows Server Hybrid Administrator Associate certification and experienced in Entra ID sync troubleshooting.

Skills

•

Active Directory Domain Services

•

Windows Server 2019/2022

•

Entra ID (Azure AD)

•

Azure AD Connect

•

Group Policy (GPO)

•

PowerShell scripting

•

DNS and DHCP

•

LDAP and Kerberos

•

RSAT and ADUC

•

Multi-factor authentication (MFA)

•

ITIL change management

Experience

Mar. 2024

Present

Junior Active Directory Administrator

Meridian Technology Solutions

•

Administer Active Directory for 3,500+ user accounts and 800+ machines across 6 UK offices, maintaining 99.8% directory availability.

•

Provision and de-provision 40+ user accounts monthly using PowerShell scripts, reducing manual effort by 25% compared to GUI-only workflows.

•

Troubleshoot Entra ID sync errors (immutableID and SMTP mismatches) for 50+ hybrid accounts, restoring SSO access within 2 hours average.

•

Manage 30+ Group Policy Objects to enforce security baselines and software deployment, documenting all changes in ITIL change control system.

Jun. 2022

Feb. 2024

IT Support Technician

Regional NHS Trust (South West)

•

Supported 1,200-user Active Directory environment, creating and modifying accounts, resetting passwords and managing security group memberships.

•

Assisted with Group Policy rollout for Windows 10 to 11 upgrade across 400 workstations, achieving 95% compliance within 3 months.

•

Documented DNS and DHCP configurations for 8 hospital sites, improving handover clarity and reducing troubleshooting time by 20%.

Education

2019

2022

Bachelor of Science

Manchester Metropolitan University

Computer Networks and Security

•

Final-year project: Designed a multi-site Active Directory lab with domain trusts and replication topology.

Achievements

•

Windows Server Hybrid Administrator Associate (AZ-800 and AZ-801)

Microsoft

•

Azure Fundamentals (AZ-900)

Microsoft

Additional Information

Languages:

English (Native)

Interests:

•

Home lab: Active Directory forest with Server 2022 and Entra ID Connect

•

PowerShell user group member

Active Directory Engineer

mid

Quantifies hybrid identity work and migration scale, names protocols (Kerberos, LDAP, SAML) and shows PowerShell automation outcomes.

JORDAN SAMPLE

Active Directory Engineer with five years designing and managing enterprise directory services for 10,000+ users. Specialist in hybrid identity (Entra ID, ADFS, SSO), Group Policy at scale and cross-forest migrations. Azure Administrator Associate certified with a track record of reducing authentication incidents and automating provisioning workflows.

CONTACT INFORMATION

Email:

jordan.sample@example.com

Phone:

+44 7700 900456

Location:

Birmingham, UK

LinkedIn:

https://www.linkedin.com/in/jordansample

SKILLS

•

Active Directory Domain Services

•

Entra ID (Azure AD)

•

Azure AD Connect and Cloud Sync

•

ADFS and SSO (SAML, OAuth2, OpenID Connect)

•

Windows Server 2019/2022

•

Group Policy design and remediation

•

PowerShell and Microsoft Graph API

•

LDAP, Kerberos and NTLM

•

DNS, DHCP and DFS

•

AD Sites and Services (replication topology)

•

Multi-factor authentication and Conditional Access

•

ITIL change and incident management

EXPERIENCE

Active Directory Engineer

Apex Financial Services Group

Jan. 2023

Present

•

Manage hybrid Active Directory environment for 10,500 user accounts, 2,200 machines and 12 UK and EMEA offices, maintaining 99.9% directory uptime.

•

Migrated 4,800 user accounts from legacy forest to new Windows Server 2022 domain using ADMT 3.2, preserving SID history and completing cutover with zero authentication downtime.

•

Automated user provisioning and de-provisioning with PowerShell and Microsoft Graph API, reducing manual effort by 35% and cutting new-joiner setup time from 2 hours to 20 minutes.

•

Designed and deployed 80+ Group Policy Objects to enforce MFA, BitLocker encryption and security baselines, remediating 95% of audit findings within 6 weeks and passing PCI DSS compliance review.

Active Directory Administrator

Horizon IT Consultancy

Apr. 2021

Dec. 2022

•

Administered Active Directory for 6,000+ users across 8 client environments, resolving Entra ID sync conflicts (GUID and SMTP mismatches) for 120+ hybrid accounts.

•

Upgraded 85 domain controllers from Windows Server 2012 R2 to 2019, reducing security vulnerabilities by 60% and improving replication latency by 25%.

•

Configured ADFS federation and SSO for 3 SaaS applications (Salesforce, ServiceNow, Workday), enabling single sign-on for 2,500 users and reducing helpdesk password-reset tickets by 40%.

•

Developed PowerShell scripts to audit stale accounts and unused security groups, identifying and removing 1,200+ dormant objects and improving directory hygiene.

Junior Systems Administrator

Regional Council IT Services

Sep. 2019

Mar. 2021

•

Supported Active Directory for 3,200 users and 700 machines, creating accounts, managing group memberships and applying Group Policy changes under ITIL change control.

•

Assisted with DNS and DHCP administration across 15 council sites, documenting subnet configurations and reducing IP conflict incidents by 30%.

•

Monitored AD replication health using ADSI Edit and Repadmin, escalating replication failures and maintaining 99.5% domain controller availability.

EDUCATION

Bachelor of Science

Aston University

Information Technology

2016

2019

ACHIEVEMENTS

•

Azure Administrator Associate (AZ-104)

Microsoft

•

Windows Server Hybrid Administrator Associate (AZ-800 and AZ-801)

Microsoft

•

Identity and Access Administrator Associate (SC-300)

Microsoft

ADDITIONAL INFORMATION

Languages:

English (Native)

French (Intermediate)

Interests:

•

PowerShell scripting and automation

•

Zero Trust architecture and identity security

Senior Active Directory Architect

senior

Demonstrates architecture and design work (forest trusts, Sites & Services, FSMO, PKI), quantifies multi-forest migration scale and shows identity security leadership.

Riley Sample

Senior Active Directory Architect

+44 7700 900789

riley.sample.senior@example.com

London, UK

https://www.linkedin.com/in/rileysamplesenior

SUMMARY

Senior Active Directory architect with nine years designing and migrating enterprise directory services for 25,000+ users across multi-forest environments. Expert in hybrid identity (Entra ID, ADFS, Conditional Access), replication topology, domain trusts and Zero Trust security. Holds Identity and Access Administrator Associate and legacy MCSE: Core Infrastructure certifications, with a proven record of delivering complex migrations and reducing authentication incidents by 70%.

SKILLS

•

Active Directory architecture and design

•

Multi-forest and cross-forest migrations

•

Entra ID (Azure AD) and hybrid identity

•

ADFS, SSO and federation (SAML, OAuth2, OpenID Connect)

•

AD Sites and Services (replication topology)

•

Domain trusts (one-way and two-way)

•

FSMO role placement and transfer

•

Group Policy at scale (100+ policies)

•

PowerShell and Microsoft Graph API automation

•

PKI and certificate services

•

DNS, DHCP, DFS and file services

•

Zero Trust, MFA and Conditional Access

•

Defender for Identity and AD ACL hardening

•

LDAP, Kerberos, NTLM

•

ITIL and enterprise change control

EXPERIENCE

Senior Active Directory Architect

Global Financial Corporation

Jun. 2021

Present

•

Architect and manage Active Directory for 25,000+ users, 5,500 servers and 48 domain controllers across 12 forests, 24 sites and 300+ subnets in EMEA and APAC regions.

•

Led cross-forest migration of 18,000 user accounts and 1,200 servers using ADMT 3.2 and Quest Migration Manager, establishing two-way forest trusts and preserving SID history with zero authentication downtime over 9-month programme.

•

Designed AD Sites and Services replication topology for 24 global offices, optimising site links and schedules to reduce inter-site replication latency by 40% and improve DC availability to 99.95%.

•

Implemented Zero Trust identity security framework with Entra ID Conditional Access, MFA and Defender for Identity, reducing authentication-related incidents by 70% and passing SOC 2 Type II audit with zero findings.

Lead Active Directory Engineer

Enterprise Cloud Solutions Ltd

Feb. 2018

May 2021

•

Managed hybrid Active Directory for 15,000 users, 3,200 machines and 32 domain controllers across 18 UK and European sites, maintaining 99.9% directory uptime.

•

Migrated 6,200 user accounts and 800 servers from Windows Server 2008 R2 to 2019 forest, using ADMT 3.2 and Password Export Server to preserve credentials and completing cutover in 6 months with zero data loss.

•

Designed and deployed 120+ Group Policy Objects to enforce security baselines, BitLocker, LAPS and Windows Defender ATP, remediating 98% of Cyber Essentials Plus audit findings within 8 weeks.

•

Automated AD provisioning, de-provisioning and reporting with PowerShell and Microsoft Graph API, reducing manual admin effort by 45% and cutting new-joiner onboarding time from 3 hours to 30 minutes.

Active Directory Engineer

National Healthcare IT Services

Jul. 2015

Jan. 2018

•

Administered Active Directory for 12,000 NHS users and 2,800 machines across 22 hospital sites, supporting 28 domain controllers and maintaining 99.8% availability.

•

Upgraded 150+ servers from Windows Server 2012 to 2016, drastically reducing security vulnerabilities and improving patch compliance from 78% to 96% within 4 months.

•

Configured ADFS and SSO for 5 clinical applications (EPR, PACS, pathology), enabling single sign-on for 8,000 clinicians and reducing helpdesk authentication tickets by 50%.

•

Designed OU structure and delegated administration model for 6 NHS trusts, implementing tiered admin access and RBAC to meet NHS Digital security standards and pass annual audit.

Systems Administrator

Midlands IT Support Services

Mar. 2013

Jun. 2015

•

Supported Active Directory for 4,500 users and 1,000 machines, managing user accounts, security groups and Group Policy under ITIL change control.

•

Administered DNS and DHCP across 50+ subnets, documenting configurations and reducing IP conflict incidents by 35%.

•

Monitored AD replication health and domain controller performance using Repadmin and Performance Monitor, escalating failures and maintaining 99.5% DC uptime.

EDUCATION

Bachelor of Science

University of Warwick

Computer Science

2009

2012

ACHIEVEMENTS

•

Identity and Access Administrator Associate (SC-300)

Microsoft

•

Azure Administrator Associate (AZ-104)

Microsoft

•

Windows Server Hybrid Administrator Associate (AZ-800 and AZ-801)

Microsoft

•

MCSE: Core Infrastructure (legacy)

Microsoft

ADDITIONAL INFORMATION

Languages:

English (Native)

Interests:

•

Zero Trust architecture and identity security

•

PowerShell and Microsoft Graph API automation

Volunteering:

•

Mentor for junior systems administrators through TechUK mentoring scheme

Other:

•

Speaker at UK Microsoft User Group on hybrid identity and Entra ID best practices (2024)

Build your active directory CV →

How to write an active directory CV

Format and length

UK Active Directory CVs run two pages for mid-level roles, stretching to three for senior architects with multi-forest migration portfolios. Use reverse-chronological order. Open with a personal statement (2-3 sentences), then contact details, skills, experience, education, certifications and any relevant additional information. No photo, no date of birth.

Personal statement

Lead with your AD specialism, environment scale and certifications. Name current technologies (Server 2019/2022, Entra ID, PowerShell) and quantify the user base or domain count you manage. Avoid generic IT phrases.

Experience section

This is where you prove capability. Every bullet needs a metric: user counts, machine counts, domain controllers, sites, GPO counts, migration object counts or percentage improvements. Show hybrid identity work (Entra ID sync, ADFS, SSO) and name the protocols (Kerberos, LDAP, SAML). Separate administration (creating accounts, resetting passwords) from engineering and architecture (designing OU structure, replication topology, domain trusts). Senior roles must evidence design work.

Skills

List 10-12 hard skills: AD DS, Entra ID, Azure AD Connect, Group Policy, PowerShell, DNS, DHCP, authentication protocols, Windows Server versions. Include certifications as a separate Achievements section. Front-load current tech; relegate legacy versions (Server 2008, VBScript) to migration context only.

Education and certifications

List degrees in reverse-chronological order. Certifications carry more weight than degrees for AD roles: place them in a dedicated Achievements section and name the current Microsoft credentials (AZ-800/801, AZ-104, SC-300). Legacy MCSA/MCSE still signal experience if you hold them.

What to include per section

Section	Junior	Mid	Senior
Personal statement	Certification + user count	Hybrid identity + scale	Architecture + multi-forest
Experience bullets	Administer accounts, GPOs	Migrations, automation	Design, trusts, replication
Skills	AD DS, PowerShell, DNS	Entra ID, ADFS, ADMT	Sites & Services, FSMO, PKI
Certifications	AZ-800/801 or in progress	AZ-104, SC-300	Multiple Microsoft certs

Personal statement examples

Strong

Weak

Experienced IT professional with strong Active Directory skills and a passion for technology. Hard-working team player looking for a new challenge in a dynamic organisation. Familiar with Windows Server and Azure, with excellent communication skills and a commitment to delivering results.

Writing your experience

The result-plus-metric pattern

Active Directory bullets must quantify the environment and the outcome. Recruiters want to see scale (user counts, DC counts, site counts) and impact (uptime, incident reduction, time saved). The formula: action verb + AD task + scale + outcome.

Weak: Managed Active Directory and Group Policy for the organisation.

Strong: Managed Active Directory for 10,500 user accounts, 2,200 machines and 12 UK offices, maintaining 99.9% directory uptime.

Weak: Migrated users to new domain.

Strong: Migrated 4,800 user accounts from legacy forest to Windows Server 2022 domain using ADMT 3.2, preserving SID history and completing cutover with zero authentication downtime.

Weak: Created PowerShell scripts to automate tasks.

Strong: Automated user provisioning and de-provisioning with PowerShell and Microsoft Graph API, reducing manual effort by 35% and cutting new-joiner setup time from 2 hours to 20 minutes.

Show hybrid identity, not just on-prem AD

Most employers now run hybrid environments. A CV with only on-prem AD DS reads as incomplete in 2026. Every mid-level and senior CV should show Entra ID (Azure AD), Azure AD Connect or Cloud Sync, SSO, MFA and Conditional Access. Concrete details matter: resolving sync errors (immutableID mismatches, GUID conflicts, SMTP duplicates) is more credible than "configured Azure AD".

Separate admin from architecture

Junior roles focus on administration: creating accounts, resetting passwords, managing group memberships, applying GPOs. Senior and engineer roles must evidence design and architecture work: OU structure, Sites & Services replication topology, domain trusts (one-way and two-way), FSMO role placement, schema changes, PKI. If your bullets are all "created accounts" and "reset passwords", you will be read as junior regardless of job title.

Name the protocols and tools

ATS filters and technical interviewers look for specific keywords. Name the authentication protocols (Kerberos, LDAP, NTLM) and federation standards (SAML, OAuth2, OpenID Connect). Name the migration tools (ADMT, Quest Migration Manager, Azure AD Connect). Name the admin tools (RSAT, ADUC, GPMC, AD Sites & Services, Repadmin). These signal you understand how AD actually works, not just the GUI.

Action verbs for AD roles

Administered, architected, automated, configured, designed, deployed, engineered, implemented, managed, migrated, monitored, optimised, provisioned, remediated, resolved, scripted, troubleshot, upgraded.

Do/don't table

Don't	Do
Managed Active Directory	Managed Active Directory for 10,500 users, 2,200 machines and 12 offices
Migrated to new domain	Migrated 4,800 accounts using ADMT 3.2, preserving SID history with zero downtime
Configured Azure AD	Resolved Entra ID sync errors (immutableID mismatches) for 50+ hybrid accounts
Responsible for Group Policy	Deployed 80+ GPOs to enforce MFA and BitLocker, passing PCI DSS audit
Automated tasks with PowerShell	Automated provisioning with PowerShell, reducing manual effort by 35%

Key skills & ATS keywords

Hard skills

Active Directory Domain Services (AD DS)Entra ID (Azure AD)Azure AD Connect and Cloud SyncWindows Server 2019/2022Group Policy (GPO) design and managementPowerShell scripting and automationMicrosoft Graph APIDNS and DHCPLDAP, Kerberos and NTLMADFS and SSO (SAML, OAuth2, OpenID Connect)AD Sites and Services (replication topology)Domain trusts and FSMO rolesADMT and migration toolsPKI and certificate servicesDFS and file servicesMulti-factor authentication (MFA) and Conditional AccessDefender for IdentityRSAT, ADUC, GPMC

Soft skills

Problem-solving and troubleshootingAttention to detailCommunication with non-technical stakeholdersDocumentation and knowledge transferITIL change and incident managementProject planning and deliveryMentoring junior administrators

ATS keywords

Active DirectoryAD DSEntra IDAzure ADAzure AD ConnectGroup PolicyGPOPowerShellWindows Server 2019Windows Server 2022LDAPKerberosNTLMDNSDHCPADFSSSOSAMLMFAConditional AccessADMTdomain controllerreplicationSites and ServicesFSMOdomain trustAZ-800AZ-801AZ-104SC-300MCSAMCSE

Education & certifications

Education

List degrees in reverse-chronological order: institution name, degree title, field of study, start and end years. A computer science, IT or networks degree is common but not essential; many AD professionals enter via apprenticeships or vendor certifications. If your degree is unrelated or you have no degree, lead with certifications and experience instead.

Certifications

For Active Directory roles, Microsoft certifications matter more than degrees. Recruiters scan for these first. List them in a dedicated Achievements section, with the full credential name and issuing body.

Current Microsoft certifications for AD roles (2026):

Windows Server Hybrid Administrator Associate (AZ-800 and AZ-801), the core AD credential, covering on-prem and hybrid identity.
Azure Administrator Associate (AZ-104), essential for hybrid environments and Entra ID.
Identity and Access Administrator Associate (SC-300), specialist credential for Entra ID, Conditional Access, MFA and identity governance.
Legacy MCSA/MCSE: Core Infrastructure, if you hold these (pre-2021), list them; they still signal experience even though Microsoft retired the programme.

Other relevant certifications:

CompTIA Server+ or Network+ (entry-level foundation).
ITIL Foundation (for change and incident management).
Certified Information Systems Security Professional (CISSP) or similar (for senior security-focused roles).

If you are working towards a certification, list it as "in progress" with the expected completion date. If you hold legacy certifications (MCSA, MCSE), keep them on the CV; they prove experience even if the credential is retired.

Training and professional development

Microsoft Learn modules, Pluralsight or Udemy courses, and vendor training (Quest, SolarWinds) can go in an Additional Information section if space allows. Only include these if they are recent (last two years) and directly relevant to the role you are targeting.

Common mistakes to avoid

Leading with legacy technology (Windows Server 2003/2008, VBScript) as primary skills.
Put current tech first: Windows Server 2019/2022, Entra ID, PowerShell. Mention legacy versions only in migration context, e.g. 'Upgraded 150+ servers from Server 2012 to 2019'.
Listing duties instead of outcomes: 'Responsible for Active Directory administration'.
Quantify the environment and the result: 'Managed Active Directory for 10,500 users and 12 offices, maintaining 99.9% uptime'.
Omitting hybrid identity experience (Entra ID, Azure AD Connect, SSO, MFA).
Show the hybrid story. Most employers run hybrid in 2026. Add bullets on Entra ID sync, ADFS, Conditional Access or MFA rollout.
Failing to quantify migration scale: 'Migrated users to new domain'.
Name the tool, the object counts and the outcome: 'Migrated 4,800 accounts using ADMT 3.2, preserving SID history with zero downtime'.
Not naming authentication protocols (Kerberos, LDAP, NTLM, SAML).
ATS filters scan for these keywords. Add them to your skills list and weave them into experience bullets where relevant.
Letting the CV drift into Exchange/Office 365 mailbox migration with no directory work.
For an AD-focused role, foreground directory work: user objects, GPOs, trusts, DCs, DNS/DHCP. Keep mailbox migration as supporting context or you will be read as a messaging admin.

Junior vs senior: what changes

Aspect	Junior	Senior
Personal statement	Certification (AZ-800/801) + user count managed + core skills (GPO, PowerShell).	Years of experience + architecture (multi-forest, trusts, replication) + certifications (SC-300, AZ-104) + measurable impact (incident reduction, migration scale).
Environment scale	3,000-5,000 users, single domain, 6-10 offices.	15,000-25,000+ users, multi-forest, 20+ sites, 30+ domain controllers, 300+ subnets.
Experience bullets	Administer accounts, apply GPOs, troubleshoot sync errors, support DNS/DHCP.	Design OU structure, replication topology, domain trusts, FSMO placement; lead cross-forest migrations; implement Zero Trust and Conditional Access.
Hybrid identity	Troubleshoot Entra ID sync errors, configure Azure AD Connect.	Architect hybrid identity strategy, design ADFS federation, implement Conditional Access and MFA at scale, integrate Defender for Identity.
Group Policy	Manage 20-40 GPOs, apply security baselines, document changes.	Design and deploy 100+ GPOs across multiple domains, remediate audit findings, automate GPO reporting and compliance.
Automation	Write PowerShell scripts for bulk user provisioning and reporting.	Automate provisioning, de-provisioning, compliance and reporting with PowerShell and Microsoft Graph API; reduce manual effort by 30-45%.

Active Directory CV Examples

Active Directory CV examples

Junior Active Directory Administrator

Active Directory Engineer

Senior Active Directory Architect

How to write an active directory CV

Format and length

Personal statement

Experience section

Skills

Education and certifications

What to include per section

Personal statement examples

Writing your experience

The result-plus-metric pattern

Show hybrid identity, not just on-prem AD

Separate admin from architecture

Name the protocols and tools

Action verbs for AD roles

Do/don't table

Key skills & ATS keywords

Hard skills

Soft skills

ATS keywords

Education & certifications

Education

Certifications

Training and professional development

Common mistakes to avoid

Junior vs senior: what changes

Frequently asked questions

How long should an Active Directory CV be?

Do I need Microsoft certifications to get an AD role?

Should I include Windows Server 2008 or VBScript on my CV?

What if I only have on-prem AD experience and no cloud?

How do I show Active Directory experience if I am changing careers?

Should I include a photo or date of birth on my CV?