Metagyre recently completed what we believe is the third largest Active Directory separation in history.
For security reasons, we are not naming the client.
But for executives involved in mergers, acquisitions, carve-outs, or divestitures, the lesson is too important not to share:
The deal may close on paper.
The real separation happens inside the business.
Identity. Applications. Infrastructure. Security boundaries. Vendors. Plants. Dealers. Partners. Customers. Daily operations.
That is where value is protected or lost.
Why This Separation Was Different
This was not a standard directory migration.
It was a global post-sale separation for a manufacturing enterprise operating under TSA constraints.
The environment included:
- 100,000 employees
- 55,000 dealer identities
- 6,000 partner identities
- 1,500+ application dependencies
- A new forest and tenant build
- A global OEM ecosystem
- Manufacturing plants with AD-bound operational technology
Only two publicly known Active Directory (AD) separations appear larger:
- HP to HPE / HP Inc.
- GE three-way split.
There is an important caveat. AD separations are rarely documented publicly at the technical level because they are security-sensitive. So the benchmark is inherently incomplete.
Even with that caveat, this work belongs in rare company.
The Risk Was Not Just Size
In M&A, teams often underestimate separation risk because they count users.
That is the wrong lens.
The real question is not, “How many employees need to move?”
The better question is:
What parts of the business depend on identity to keep working?
In this case, identity was tied to far more than employee access.
Dealer identities authenticated into dealer management systems, warranty portals, parts ordering platforms, and telematics back ends.
Partner identities crossed multiple trust relationships with outside organizations.
Manufacturing plants had AD-bound operational technology, including MES, SCADA, and line controller environments that could not simply be migrated without risking production impact.
Applications, infrastructure, vendors, security rules, and business processes were all connected through identity.
That is what makes post-M&A execution difficult.
Not the seat count.
The dependency web.
The TSA Clock Changes Everything
Most separations happen under pressure.
This one required a greenfield forest and tenant build while the business was still operating on the seller’s infrastructure.
And that matters:
- Every delay extended TSA exposure.
- Every unresolved dependency added cost.
- Every unclear decision increased security boundary risk.
- Every missed operational detail created the possibility of disruption.
For executives, this is the point that matters most:
A TSA is not just a commercial agreement.
It is a countdown clock.
The longer critical capabilities remain dependent on the seller, the more cost, risk, and complexity the buyer carries.
Why This Is Executive-Level Work
An AD separation of this scale is deeply technical.
But it is not only a technical project.
- It is a business continuity issue.
- It is a security issue.
- It is a value protection issue.
- It is a governance issue.
- It is an operating model issue.
The work succeeds when leadership, technology, security, operations, vendors, plants, partners, and business owners move together with enough clarity to make decisions before delays become expensive.
That does not happen by accident.
It requires structure, sequencing, dependency visibility, cutover discipline, risk control, and executive-level decision flow.
The technical migration matters.
But the operating system around the migration matters just as much.
The Lesson for M&A Leaders
For CEOs, CIOs, COOs, CFOs, corporate development leaders, and integration teams, the lesson is simple:
Do not wait until after close to understand the execution reality.
Before close, leadership should already be asking:
- Where are identity, applications, infrastructure, vendors, partners, customers, and operations tied together?
- Which dependencies could extend TSA cost or timeline?
- Which security boundaries need to change?
- What must not break on Day 1, Day 30, Day 100, and TSA exit?
- Where do plants, branches, dealers, partners, or customer-facing systems create hidden risk?
- Who owns decisions when technical, operational, security, and financial priorities collide?
These are not just IT questions.
They are deal-value questions.
The Deal Thesis May Be Financial. The Value Is Protected in Execution.
M&A value is usually modeled in financial terms.
Synergies. Scale. Market access. Operating leverage. Strategic positioning.
But once the deal closes, the value has to survive contact with real systems, real dependencies, real people, real vendors, and real operations.
That is where many deals get harder than expected.
Post-M&A integration and separation are not just about managing workstreams.
They are about creating enough control for the business to keep moving while the enterprise is being rewired.
That is the work Metagyre helps leadership teams do.
We bring the structure, governance, program leadership, technical coordination, and execution discipline needed to move complex post-deal work from strategy to controlled execution.
The deal may close in the boardroom.
But the value is protected in the execution work.
