2.1 Plan for eDirectory

eDirectory is the heart of OES network services and security.

2.1.1 Installing Into a New Tree

If you are creating a new eDirectory tree on your network, you must do some additional planning before you install the first server into the tree. The first server is important for two reasons:

  • You create the basic eDirectory tree structure during the first installation.

  • The first server permanently hosts the Certificate Authority for your organization.

To ensure that your eDirectory tree meets your needs, take time to plan the following:

  • Structure of the eDirectory tree: A well-designed tree provides containers for servers, users, printers, etc. It is also optimized for efficient data transfer between geographically dispersed locations. For more information, see Designing Your NetIQ eDirectory Network in the NetIQ eDirectory Administration Guide.

  • Time synchronization: eDirectory requires that all servers, be time synchronized. For more information, see Section 10.3, Time Services.

  • Partitions and replicas: eDirectory allows the tree to be partitioned for scalability. Replicas (copies) of the partitions provide fault tolerance within the tree. The first three servers installed into an eDirectory tree automatically receive replicas of the tree’s root partition. You might want to create additional partitions and replicas. For more information, see Managing Partitions and Replicas in the NetIQ eDirectory Administration Guide.

For information on these and other eDirectory planning tasks, see the NetIQ eDirectory Administration Guide.

2.1.2 Installing Into an Existing Tree

When installing into an existing tree, make sure you observe the following best practices whenever possible:

  • Use Existing eDirectory Objects: Whenever possible, existing eDirectory objects, organizational units, users, groups, password policies, etc. should be used during the installation.

    If new contexts or users are needed, it is best to create these prior to the installation.

  • Synchronize Replicas Before and After: Ensure that all eDirectory partitions affected by the installation are synchronized before you begin and after you finish the installation.

Also, before installing into an existing tree, be sure you understand the information in Section 12.2.3, eDirectory Coexistence and Migration.