Martin Jeppesen

Freelance Active Directory and Microsoft Security Specialist @ avantia

Profile

More than 20 years of experience working with IT infrastructure and coming from a background in electronics and computer hardware, which has made methodical troubleshooting and systematic approaches to complex issues a part of who I am.
I always take business requirements, security and enterprise architecture into account when designing solutions.

Fields of expertise: Microsoft Active Directory and integrating Active Directory with Identity Management systems and Federation Services.
Broad knowledge and experience with Microsoft infrastructure solutions and IT infrastructure in general.

Formal Education

Data technician | 1999 - 2005 | EUC Syd - Sønderborg

Electronics technician | 1993 - 1997 | Aarhus Tech

Selected Microsoft Certifications

For full MCP Transcript: Please contact me for transcript id and access code.

Microsoft Certified: Cybersecurity Architect Expert
Microsoft Certified: Identity and Access Administrator Associate
Microsoft Certified: Security, Compliance, and Identity Fundamentals

 

Microsoft Certified Azure Administrator Associate

Microsoft Exam 744: Securing Windows Server 2016

MCSE: Cloud Platform and Infrastructure — Certified 2017 & 2018

Microsoft Exam 533: Implementing Microsoft Azure Infrastructure Solutions

Microsoft Certified Solution Associate (MCSA)

  • Windows Server 2012 – Charter Member

  • Windows 7

  • Windows Server 2008

Microsoft Certified IT Professional (MCITP)

  • Enterprise Administrator (Windows Server 2008)

  • Enterprise Desktop Administrator (Windows 7)

Microsoft Certified Systems Engineer (MCSE) - Security (Windows Server 2003)

Microsoft Certified Technology Specialist (MCTS)

  • Windows Server 2008 Active Directory

  • MDOP

  • Server Virtualization

Other Certifications

  • Quest Migration Manager for AD

  • ITIL Foundation (v2 and v3)

  • Prince2 Foundation

Projects

Creation of test environment mirror of production AD

July 2017

Sector: Health IT and Regional Government

Description:

Using PowerShell to mirror the production AD's OUs, Users, Groups and Group Memberships to a test AD that has different naming conventions, making LDIFDE unusable.

 

Active Directory automation using PowerShell ADSI

April 2017

Sector: Municipal

Description:

Development of a PowerShell ADSI script that automates group management for organizational groups.

Features:

  • Use of ADSI instead of Active Directory Module

  • Identifies users based on OU placement

  • Adds them to a group corresponding to the group

  • Removes users from groups, if the user is not placed in the OU corresponding to the group

  • If no group is found corresponding to the OU, group will be created

  • 100% dynamic with no use of mapping tables between OU and Group

 

Implementation of Least Privilege principle

January 2017 - Ongoing

Sector: Regional Government

Description:

Purpose: Limiting the number of highly privileged accounts in Active Directory and implementation of Microsoft's recommendations regarding Securing Privileged Access.

Tasks involved:

  • Identification of challenges to limiting the number of privileged accounts

  • Identification of stakeholders

  • Interviewing all parts of IT organization to identify all "pain points"

  • Initiating changes to software, tools and infrastructure to facilitate implementation of Principle of Least Privilege

  • Restructure of Active Directory

 

Remediation of Active Directory issues

September 2016 - December 2016

Sector: Regional Government

Description:

Remediation of issues identified in Microsoft ADRAP, including:

  • Securing old AD with recent changes to security settings and technologies

  • Changes to password policies

  • Conversion from ADM to ADMX Group Policy Administrative Templates and creation of Central Store

  • Migration from FRS to DFS-R

  • Scripted cleanup of stale accounts, duplicate SPNs and UPNs, DLT objects

  • Fixing inconsistencies in Group Policy

 

Usability - Development of specialized computers

March 2015 - November 2017

Sector: Health IT and Regional Government

Description:

Development of policies for and management of specialized computers for primarily hospital departments.

- Kiosk computers for patients to register at arrival or to find their way at the hospital
- Information monitors
- Medico Technical workstations
- Computers for specialized hospital functions

All these computer types need to be deployed, managed and controlled in a consistent way.
Security and reliability of these computer types are a high priority, while still ensuring a user-friendly interface.

Development of policy templates to facilitate faster development of future computer types.

Close cooperation with
- Product specialists
- Internal IT Architects
- IT Security department
- Operations department
- Project Managers outside the project
- External vendors

Design and implementation of BitLocker and MBAM infrastructure

January 2016

Sector: University

Description:

Encryption of University computers' hard disk volumes using BitLocker, especially for scientists' computers.

Management using MBAM 2.5 SP1 in a complex environment including:

- SCCM for BitLocker deployment and Compliance Reports

- Many Active Directory domains

- Centralized SQL environment with High Availability

 

Trusted advisor - New IT infrastructure platform

March 2015 - February 2016

Sector: Private / Utility Services

Description:

Trusted advisor for company renewing the complete IT infrastructure including:
- Server hardware platform
- SAN
- Firewall and network
- Virtualization platform
- OS versions
- Server application versions

Assisting with:
- Scope of project
- Technical review of offers
- Member of project board

 

Migration of Windows Server 2003 servers to newer versions

January 2015 - November 2015

Sector: Regional Government

Description:

Decommissioning or migration of Windows Server 2003 servers with 10+TB data and multiple roles before EoS.
- Analysis of hardware, software, roles, configuration and data on existing servers
- Planning the appropriate migration strategy for each server
- Planning and coordinating decommissioning of unused roles/systems/applications
   and migration of actively used roles/applications in order to separate server roles.
- Assisting in actual migration

 

Usability - User Interface for new IT Infrastructure Platform

May 2014 - December 2014

Sector: Regional Government

Description:

Design of a new user interface that is used to access a new IT platform based on:
- XenApp
- Windows 7
- AppSense
- SCCM


I designed and helped implement a user interface that is:
- Effective, simple and flexible
- Easy to learn and understand
- In tune with the users' needs
- In compliance with the business needs
- Able to let settings and data follow the users
- Recognizable across IT workplaces
- Effective to manage


In close cooperation with a group of user representatives, the IT operations department, decentralized IT support and other projects' IT Architects, I also described, designed and assisted in implementing four main IT Workplace categories that can be used across the 45.000 users' different departments and work needs.

 

Active Directory architecture for Role Based Access Control and IDM

October 2012 – April 2014

Sector: Regional Government

Description:
Active Directory architecture and design of a centralized domain, supporting Role Based Access Control and User Lifecycle Management of 45.000 users from NetIQ Identity Manager.

Active Directory design and migration

March 2009 - June 2011

Sector: Municipal

Description:
Designing a new municipal Active Directory for 16.000 users optimized for management of users and groups from NetIQ Identity Manager.

Migrating from a seven-domain Active Directory forest to a new consolidated Active Directory domain, supporting decentralized IT-staff and multiple IT Operations Service Providers.

Supporting co-existence between the two forests during the systems migration phase using Quest Migration Manager for AD, to keep users, passwords, and groups synchronized and auto-migration of new users and groups.

ADFS Federation with SAML 2.0 Cloud based HR system

February 2012

Sector: Private, Enterprise

Description:
Ensuring SSO to HR system in the cloud from internal network and from the internet using SAML 2.0, ADFS 2.0 and ADFS Proxy. Configuration of both identity provider (ADFS) and service provider.

Design of IT platform for startup company

February 2010 - June 2010

Sector: Private / Utility Services

Description:
Design and implementation of complete IT infrastructure for a new Utility Services company, including WAN/LAN, server platform (Hyper-V) and server infrastructure.

While keeping a top-level view of the designs for each system/component and ensuring that they integrated and were in line with business requirements, I was also responsible for implementing a large part of the Microsoft Infrastructure (AD, DHCP, File services, WSUS, SQL Server, FTP, TMG firewall, MDT deployment, RemoteApp).