Charles-Antoine Gourdon

Besse — AD Technical Expert / N3 System Engineer

Context:

Taking over a multi-domain Microsoft On-Prem infrastructure (~400 servers) with high technical debt and numerous internal applications. Objectives: modernize tools, secure Active Directory, manage strategic projects, and support a highly customized critical IS.

Achievements:

RUN / Production

• Integration into the N3 System team to manage a complete environment: AD DS, Exchange On-Prem, SharePoint On-Prem, Entra ID, PKI, SSO, JBOSS 5, JBOSS 7.

• Management of a large number of internal business applications: analysis, operational maintenance, workarounds, compatibility, and patches.

• Monitoring of sensitive network and multi-domain environments (prod / testing / dev).

Modernization / Projects

• Participation in AD remediation: security, structure, protocols, and rights.

• Updating Microsoft components: servers, workstations, and middleware.

• Obsolescence management: version upgrades and removal of unsupported components.

• Updating critical vulnerabilities in collaboration with the SOC and CISO.

• Redesign of the internal deployment system: MDT + WDS + scripts + dedicated storage.

• Contribution to the Intune project to modernize park management:

• Progressive migration MDT → Intune

• Application packaging and configuration strategies (policies, security, compliance)

• Workstation automation and standardization

Support & Governance

• N3 Support AD / Windows Server / System.

• Training and skill development for N1 & N2 teams.

• Participation in cross-functional IT projects and environment documentation (DAT, procedures, architecture).

Technologies: AD DS, Exchange On-Prem, SharePoint On-Prem, Entra ID, SSO, MDT/WDS, PKI, GPO, Hyper-V/VMware, Veeam, Windows Server

Kersia — Deployment of a strong password policy (PowerShell)

Context:

Intervention on a legacy Active Directory lacking a robust password policy, with the need to deploy and control this policy centrally and automatically for all accounts.

Achievements:

• Development of PowerShell scripts to automate the implementation of the policy.

• Testing and validation on different environments to ensure compliance and reliability.

• Integration into existing AD policies to secure all user accounts.

Technologies: PowerShell, AD DS

Groupe SEB — Active Directory Security Audit & Global Remediation (International Mission)

Context:

International mission on a global Active Directory, with a data center per continent and multiple local teams, to meet a high cyber insurer requirement. The objective was to secure all domain controllers and eliminate non-compliant protocols.

Achievements:

• Splunk analysis to identify obsolete AD protocols still in use (NTLMv1, SMBv1, unencrypted LDAP…).

• Complete AD configuration audit.

• Analysis of insecure traffic between international sites (Europe, Americas, Asia).

• Coordination with IT teams from several countries to migrate to encrypted traffic.

• Technical recommendations: LDAPS, SMB signing, disabling legacy protocols, AD hardening.

• Support for the progressive deactivation of non-compliant protocols in global production.

Technologies: Splunk, Windows Server, AD DS, GPO, LDAP/LDAPS, RBAC, Microsoft security hardening