I am trying to design a new tree structure that will provide the best
performance across my organisation.

Firstly we have an Edir/Zenworks server (windows based) plus a middle tier
in between (none of this is production yet) client computers primarily
authenticate to active directory but have the Zen agent installed, there is
no Novell client installed on the machines. The edir/zfd server is located
at our main campus; the plan is to put another edir/zfd/middle tier server
at another of our major sites located in the same tree as the one at the
main campus.

The current tree structure is as follows

O=Organisation Name
OU= Users

I understand that the design of the tree is paramount to performance and
efficiency, but I dont understand how in a clientless environment where
the context is not specified using the Novell client how the middle tier
server references the objects in the tree. Does it search the entire tree
structure from the top down for a matching user account, then does the zen
agent take over and search for the relevant applications which are
associated to specific users and groups

The Users OU will contain 30,000 user accounts. These accounts are being
pushed from UNIX to edir and cannot be separated in to different OUs. When
we install another read/write replica on our secondary campus will the
machines look to the local server when logging in on or will the clients
connect back to the server at the main campus because the users OU is in
its root partition? Sorry for the dumb questions but Im really trying
to get me head around the concept of partitions and replicas, its all a
bit confusing.

The Applications OU will hold all the application objects for both campuses
and most of the applications will be associated with workstation groups
rather than user objects. There will be about 150 different applications in
this OU they will be associated to different teaching laboratories on both

I read the article
http://www.novell.com/coolsolutions/...ds_design.html which
recommended that the tree design that I outlined above was not recommended,
however Im confused as to how I should best design this in my environment
considering that all the user objects need to be in the one OU. After
reading this article I plan to remove the workstation OU and import the
workstations into the User OU instead, same with the policies OU, though
the article talks about not allowing the partition size to grow bigger than
3500 objects (in extreme situations) though this is in contrary to the edir
documentation which says that the object size is unlimited.Im confused.

Any help I can get with this would be most appreciated. Thanks.