For the best web experience, please use IE11+, Chrome, Firefox, or Safari

Greater security through AD consolidation

Greater security through AD consolidation

Building material company uses Quest AD migration solutions to consolidate 31 Active Directory domains and 40,000 users into a single environment for their EMEA region, while enhancing security and avoiding disruption.

  • Country

    Spain (digital center)
  • Industry

    Building Materials
  • Website
  • PDF Download


Two leading companies in the building material industry merged to create one business, Holcim. Given the security risks associated with the high number and complexity of their environments — 31 different domains and around 40,000 employees — Holcim needed to find a solution that could consolidate their numerous Active Directory (AD) environments.

orange bg dots

The quality of the services that Quest offered to us was simply amazing.

Samuel López Trenado User Lifecycle Supervisor, Holcim
Building Materials


Due to their complex environments, the Holcim team quickly realized that Microsoft proprietary tools were not equipped to tackle their elaborate consolidation. In the end, they chose Quest AD migration solutions for their convenience, efficiency and synchronization capabilities.


  • Created a unified Active Directory.
  • Delivered a more controlled and efficient environment.
  • Ensured a zero-impact migration with no downtime or disruptions.
  • Increased security by reducing AD domains and shrinking the attack surface.

Holcim is a leading global building material company with a EMEA digital centre based in Spain, and specializing in innovative and sustainable building solutions. The company, birthed after the union of Lafarge and Holcim, two leading organizations in the industry, has operations in more than 70 countries and employs about 40,000 people in its EMEA region. When the company needed to consolidate and update its complex IT infrastructure after their merger, the team quickly decided it had to be done by Quest.

Before the companies merged, they had disparate Active Directory approaches. Holcim had a single Active Directory domain, while Lafarge had 30 separate Active Directory domains within a global forest – one for each country in which it operated.

Consolidating 31 Active Directory domains into one

Following their company merger, a companywide Active Directory consolidation project was defined to merge the 31 domains into a single environment. The consolidation project was led by Samuel Lopez Trenado, User Lifecycle Supervisor, who was working as the Active Directory team lead at the time.

The company chose this approach after acknowledging that having so many Active Directory domains was a security risk. “If you have more Active Directory domains, for sure you will have more security issues,” Lopez Trenado said. “You have more points where you could be compromised.”

To create a centralized system with optimal control and security, they needed a single directory structure.

Lopez Trenado analyzed the solutions on the market that they could utilize to achieve the most seamless consolidation. Due to their complex system integration challenge, the Holcim team quickly realized that Microsoft proprietary tools were not equipped to tackle the elaborate consolidation process that was ahead of them.

The team decided on selecting Quest AD migration solutions for their convenience and synchronization capabilities. The company also had previous experience with Quest’s professional services and were impressed by their efficiency. “In terms of proximity and quality of the services commitment and business understanding, I think that the professional services are much better than others,” Lopez Trenado said.

Seamless migration with no downtime or end user impact

Holcim used Quest AD migration solutions to successfully consolidate its AD structure with minimal impact on users and no downtime.

Once the domains and tools were prepared for the migration, the local IT teams in each country were trained on how to execute the migration. The team set up a tool management process that was administered by a central team and executed by each local team. This process allowed the local teams to choose the most convenient timing for their migrations to happen – a key aspect that the team wanted to ensure during their migration process.

“This is a capability which is offered by Quest, but for sure is not offered by the native tool,” Lopez Trenado said.

The threat of disruption and downtime was something that the company was very cautious of when choosing a solution for their migration. They wanted to ensure that their users would be impacted as little as possible throughout the process. They were relieved when they discovered that the only effect the migration would have on their users was a simple computer restart that could be done at the users’ convenience.

“After users restart their computer, they are in the new Active Directory domain and everything works as it was working before,” Lopez Trenado said. “This is quite efficient.”

Enhanced security post consolidation

Holcim approached their Active Directory consolidation project from a security, compatibility and productivity standpoint. Their consolidation allowed them to implement a single sign-on approach for their users, improving the efficiency and security of their organization. Their consolidation helped modernize their business and set them up for future success.

“The quality of the services that Quest offered to us was simply amazing.”

Samuel López Trenado, User Lifecycle Supervisor, Holcim

Lessons learned

To companies preparing for an Active Directory consolidation, Lopez Trenado recommends being very clear on each member’s roles and responsibilities from the start of the project. He also advises keeping a playbook detailing each step of the process, so it can be easily replicated and executed by others.

Lopez Trenado chose to trust Quest with Holcim’s Active Directory consolidation because he believes Quest has the highest quality of professional services, the most advanced capabilities and the best technical advantages.

“This is what makes the difference between Quest and the other solutions or other vendors that you might find in the market,” Lopez Trenado said.

Migrate all your workloads and Active Directory with one comprehensive Office 365 tenant-to-tenant migration solution.