NAES was acquiring companies in the energy services space when I joined. Each acquisition brought its own IT environment — separate AD forests, separate O365 tenants, whatever endpoint management the acquired company happened to be running. My job was to sort it out.
AD forest consolidations aren’t exciting work, but they’re the thing that everything else depends on. Identity has to work before anything else can be unified. If you skip it or half-do it, you end up with users carrying multiple accounts, shared resources that nobody can cleanly access, and security gaps across trust relationships that you can barely see, let alone audit. It’s the kind of debt that compounds.
The actual work was methodical: assess the incoming environment, map out migration paths, establish inter-forest trusts for the transition period, migrate user objects and their resources, then collapse the trust when it was done. O365 tenant consolidations ran alongside this on the same timeline. Same users, different set of problems — tenant migrations have their own failure modes that don’t care what’s happening with your on-prem AD.
The endpoint side was messier. Acquired companies were at different stages of management maturity. Some had SCCM. Some had nothing much at all. Rather than rebuilding from scratch in each case, I implemented Intune co-management against the existing SCCM infrastructure. It let us establish a consistent compliance and patch baseline across all the acquired environments without touching what was already working. Not the cleanest solution architecturally, but it got everyone to a consistent security posture faster than a clean-start migration would have.
M&A IT work is mostly triage with a project plan attached to it.