Martin Jeppesen
Freelance Active Directory and Microsoft Security Specialist @ avantia
Profile
More than 20 years of experience working with IT infrastructure and coming from a background in electronics and computer hardware, which has made methodical troubleshooting and systematic approaches to complex issues a part of who I am.
I always take business requirements, security and enterprise architecture into account when designing solutions.
Fields of expertise: Microsoft Active Directory and integrating Active Directory with Identity Management systems and Federation Services.
Broad knowledge and experience with Microsoft infrastructure solutions and IT infrastructure in general.
Formal Education
Data technician | 1999 - 2005 | EUC Syd - Sønderborg
Primary areas: IT, Hardware, Software, Networks, Servers, Programming (high-level and low-level)
Description of education by Europass and Danish Ministry of Higher Education and Science (from: http://certsupp.uds.dk/)
Electronics technician | 1993 - 1997 | Aarhus Tech
Primary areas: Electronics, Hardware, Methodical troubleshooting, Documentation, Assembly language programming
Description of education by Europass and Danish Ministry of Higher Education and Science (from: http://certsupp.uds.dk/)
Selected Microsoft Certifications
For full MCP Transcript: Please contact me for transcript id and access code.
Microsoft Certified: Cybersecurity Architect Expert
Microsoft Certified: Identity and Access Administrator Associate
Microsoft Certified: Security, Compliance, and Identity Fundamentals
Microsoft Certified Azure Administrator Associate
Microsoft Exam 744: Securing Windows Server 2016
MCSE: Cloud Platform and Infrastructure — Certified 2017 & 2018
Microsoft Exam 533: Implementing Microsoft Azure Infrastructure Solutions
Microsoft Certified Solution Associate (MCSA)
Windows Server 2012 – Charter Member
Windows 7
Windows Server 2008
Microsoft Certified IT Professional (MCITP)
Enterprise Administrator (Windows Server 2008)
Enterprise Desktop Administrator (Windows 7)
Microsoft Certified Systems Engineer (MCSE) - Security (Windows Server 2003)
Microsoft Certified Technology Specialist (MCTS)
Windows Server 2008 Active Directory
MDOP
Server Virtualization
Other Certifications
Quest Migration Manager for AD
ITIL Foundation (v2 and v3)
Prince2 Foundation
Projects
Creation of test environment mirror of production AD
July 2017
Sector: Health IT and Regional Government
Description:
Using PowerShell to mirror the production AD's OUs, Users, Groups and Group Memberships to a test AD that has different naming conventions, making LDIFDE unusable.
Active Directory automation using PowerShell ADSI
April 2017
Sector: Municipal
Description:
Development of a PowerShell ADSI script that automates group management for organizational groups.
Features:
Use of ADSI instead of Active Directory Module
Identifies users based on OU placement
Adds them to the group corresponding to the OU
Removes users from groups if the user is not placed in the OU corresponding to the group
If no group is found corresponding to the OU, the group will be created
100% dynamic with no use of mapping tables between OU and Group
Implementation of Least Privilege principle
January 2017 - Ongoing
Sector: Regional Government
Description:
Purpose: Limiting the number of highly privileged accounts in Active Directory and implementation of Microsoft's recommendations regarding Securing Privileged Access.
Tasks involved:
Identification of challenges to limiting the number of privileged accounts
Identification of stakeholders
Interviewing all parts of IT organization to identify all "pain points"
Initiating changes to software, tools and infrastructure to facilitate implementation of Principle of Least Privilege
Restructure of Active Directory
Remediation of Active Directory issues
September 2016 - December 2016
Sector: Regional Government
Description:
Remediation of issues identified in Microsoft ADRAP, including:
Securing old AD with recent changes to security settings and technologies
Changes to password policies
Conversion from ADM to ADMX Group Policy Administrative Templates and creation of Central Store
Migration from FRS to DFS-R
Scripted cleanup of stale accounts, duplicate SPNs and UPNs, DLT objects
Fixing inconsistencies in Group Policy
Usability - Development of specialized computers
March 2015 - November 2017
Sector: Health IT and Regional Government
Description:
Development of policies for and management of specialized computers for primarily hospital departments.
- Kiosk computers for patients to register at arrival or to find their way at the hospital
- Information monitors
- Medico Technical workstations
- Computers for specialized hospital functions
All these computer types need to be deployed, managed and controlled in a consistent way.
Security and reliability of these computer types is a high priority, while still ensuring a user-friendly interface.
Development of policy templates to facilitate faster development of future computer types.
Close cooperation with
- Product specialists
- Internal IT Architects
- IT Security department
- Operations department
- Project Managers outside the project
- External vendors
Design and implementation of BitLocker and MBAM infrastructure
January 2016
Sector: University
Description:
Encryption of University computers' hard disk volumes using BitLocker, especially for scientists' computers.
Management using MBAM 2.5 SP1 in a complex environment including:
- SCCM for BitLocker deployment and Compliance Reports
- Many Active Directory domains
- Centralized SQL environment with High Availability
Trusted advisor - New IT infrastructure platform
March 2015 - February 2016
Sector: Private / Utility Services
Description:
Trusted advisor for company renewing the complete IT infrastructure including:
- Server hardware platform
- SAN
- Firewall and network
- Virtualization platform
- OS versions
- Server application versions
Assisting with:
- Scope of project
- Technical review of offers
- Member of project board
Migration of Windows Server 2003 servers to newer versions
January 2015 - November 2015
Sector: Regional Government
Description:
Decommissioning or migration of Windows Server 2003 servers with 10+TB data and multiple roles before EoS.
- Analysis of hardware, software, roles, configuration and data on existing servers
- Planning the appropriate migration strategy for each server
- Planning and coordinating decommissioning of unused roles/systems/applications and migration of actively used roles/applications in order to separate server roles.
- Assisting in actual migration
Usability - User Interface for new IT Infrastructure Platform
May 2014 - December 2014
Sector: Regional Government
Description:
Design of a new user interface that is used to access a new IT platform based on:
- XenApp
- Windows 7
- AppSense
- SCCM
I designed and helped implement a user interface that is:
- Effective, simple and flexible
- Easy to learn and understand
- In tune with the users' needs
- In compliance with the business needs
- Able to let settings and data follow the users
- Recognizable across IT workplaces
- Effective to manage
In close cooperation with a group of user representatives, the IT operations department, decentralized IT support and other projects' IT Architects, I also described, designed and assisted in implementing four main IT Workplace categories that can be used across the 45.000 users' different departments and work needs.
Active Directory architecture for Role Based Access Control and IDM
October 2012 – April 2014
Sector: Regional Government
Description:
Active Directory architecture and design of a centralized domain, supporting Role Based Access Control and User Lifecycle Management of 45.000 users from NetIQ Identity Manager.
Active Directory design and migration
March 2009 - June 2011
Sector: Municipal
Description:
Designing a new municipal Active Directory for 16.000 users optimized for management of users and groups from NetIQ Identity Manager.
Migrating from a seven-domain Active Directory forest to a new consolidated Active Directory domain, supporting decentralized IT-staff and multiple IT Operations Service Providers.
Supporting co-existence between the two forests during the systems migration phase using Quest Migration Manager for AD, to keep users, passwords, and groups synchronized and auto-migration of new users and groups.
ADFS Federation with SAML 2.0 Cloud based HR system
February 2012
Sector: Private, Enterprise
Description:
Ensuring SSO to HR system in the cloud from internal network and from the internet using SAML 2.0, ADFS 2.0 and ADFS Proxy. Configuration of both identity provider (ADFS) and service provider.
Design of IT platform for startup company
February 2010 - June 2010
Sector: Private / Utility Services
Description:
Design and implementation of complete IT infrastructure for a new Utility Services company, including WAN/LAN, server platform (Hyper-V) and server infrastructure.
While keeping a top-level view of the designs for each system/component and ensuring that they integrated and were in line with business requirements, I was also responsible for implementing a large part of the Microsoft Infrastructure (AD, DHCP, File services, WSUS, SQL Server, FTP, TMG firewall, MDT deployment, RemoteApp).