You must decide which directory information tree (DIT) administration scheme works best for your organization: centralized or distributed. Since the DIT mirrors the DNS layers, if your DNS does not contain subdomains, your DIT structure will not contain organizational units, which implies a centralized DIT administration scheme. Similarly, if your DNS contains multiple subdomains, it implies multiple organizational units and requires a distributed DIT administration scheme.
|
|
You can implement centralized administration, where one authority manages the entire DIT. This type of administration is usually implemented in scenarios where the entire DIT resides on one mail server. | |
|
|
You can also implement distributed administration, where multiple authorities manage the DIT. This type of administration is usually implemented when your DIT is divided into portions or subtrees and the subtrees reside on different mail servers. Typically in this scenario, it is infeasible for one authority to handle modifications for the entire DIT because of the size of the DIT, and because the mail servers are geographically dispersed. You must assign an authority to manage each subtree of the DIT. It is acceptable for one authority to manage multiple subtrees. An authority can make changes only to the subtree of the DIT that it owns. |
FIGURE B-7 Centralized Directory Information Tree Administration
FIGURE B-8 Distributed Directory Information Tree Administration