Implementing NDS on a medium-sized network is typically based on your business's organizational chart with some geographic considerations for your branch offices.
The following figure shows an example of a common Directory tree structure for a medium-sized network.
Example of Medium-Sized Directory Tree
Medium-sized networks are commonly workgroup- and department-oriented in structure. They are typically managed by a central, system-wide administrative group and department network supervisors.
The Directory tree begins with a general Organization object that has multiple Organizational Unit objects below. Organizational Units are based on functional groups, projects, departments, and so on.
In the Organization object and high-level Organizational Units are enterprise resources that are managed centrally, including the following:
system.
Centralized supervisors are responsible for general network management and overall support for the Directory tree. OU-level supervisors are responsible for day-to-day tasks, such as User object and resource management and local server backup.
Centralized management helps facilitate the implementation of network-wide standards. You should create and distribute a standards document for the entire network before implementing NDS.
Because many medium-sized networks maintain some level of WAN connectivity, time services support is an important consideration.
A Single Reference time server is usually inadequate for networks that have WAN connections. You should use a group of Primary time servers as the basis for network time services.
Determine which servers within your organization provide system-wide services, such as directories or applications that are accessed by multiple departments or the entire organization.
Choose a limited number from the group of servers you identified to be installed as Primary time servers. Limiting the number of Primary time servers to a select few minimizes the network traffic used when the time servers vote on the current time. Typically, you should have one or two Primary time servers at each location on the network.
Set up remaining servers as Secondary time servers.
Partitioning medium-sized networks should follow the structure of your Organizational Unit objects. You might want to create a partition for each high-level Organizational Unit in the tree.
This allows each partition to contain all the resource objects that a particular department needs to access. Place the [Root] and Organization objects in the same partition.
Create replicas to ensure adequate redundancy of critical partitions. Determine which servers within your organization provide system-wide services, such as applications that are accessed by multiple departments or the entire organization.
Place replicas of the partitions that include these critical servers on other servers in different locations on the network. This allows all users to authenticate to an enterprise resource without increasing network traffic.
For servers that provide local services, place replicas of the partitions that include them on other local servers.
If only one server exists at a location, place a replica of the partition that includes the server on a server in a different location. Provide additional replicas if possible.