Where can I get an enterprise directory structure?

Question

I want to be able to load up an Active Directory server with a realistic medium-to-large enterprise directory structure (groups, users) so that I can run performance tests on an application which makes use of that data. In my fantasy world, some big company would export their (anonymized) AD structure in a way I could import directly. Since this seems unlikely to happen, does anyone know of a source for test data that would provide a reasonable simulation of a 10-to-100k employee organization's structure? I could generate data myself, but I don't want to make too many assumptions about levels of group nesting, how many groups a given user is a direct member of, etc.

Answer 1

The TechNet ScriptCenter Repository has a bunch of sample scripts for generating users, groups, and OUs.
http://www.microsoft.com/technet/scriptcenter/scripts/default.mspx?mfr=true

Answer 2

Hi Jeremy,

I know that OpenDS includes the option of installing sample data on install, but not the numbers of entries that you're talking about. Given that LDAP directories often include sensitive information, I would be surprised if you were able to obtain data from a real company, even anonymised.

It might be worth looking around for some publicly available LDAP servers and contacting the administrators? You might get lucky.

Alternately, I suspect the best option would be to build your own data. In my experience, corporate directory structures tend to be quite flat anyway, so you shouldn't need a convoluted DIT structure unless you have specific requirements.

I would go with something like this:

dc=example,dc=com
-->ou=people
-->-->uid=user1
-->-->uid=user2
-->-->uid=...
-->ou=groups
-->-->ou=group1
-->-->ou=group2
-->-->ou=...

I know you mentioned that you knew how to create your own LDAP entries, but might I recommend the MakeLDIF tool? MakeLDIF comes with SLAMD, an excellent free tool for performance testing and benchmarking LDAP servers. MakeLDIF is very useful because it allows you to define directory structure, as well as entry structure in template files. You won't have 'real' data, but you should be able to generate a reasonable approximation of it.

Perhaps a possibility would be to take the sample directory data from something like ApacheDS to build a basic template to feed into MakeLDIF.

I hope that helps.

R

Answer 3

My company fits in your range. Here's some stats to help you simulate the environment: we have one top-level OU per division. All user, computer and groups accounts reside under one of them. Each division has its own admin team and authority is delegated to them to control their own OU structure. Some teams have wide structures with OUs for each department, with users under them, OUs for groups and other OUs for computers. Others have deep structures with OUs in OUs in OUs - current max is 12, I think. Other have fat (for want of a better word) structures: Separate Users, Computers and Groups OUs but no further subdivision of Users or Computers (so there can be several thousand accounts in each). Branch offices tend to have their own OUs with Users, Computers and Groups underneath, under a divisional OU.

We hit the token size limit for group membership. Some admin teams have massive, complicated delegated admin structures and users can be in hundreds of groups. Others have simple ones but group policy groups, distribution groups and normal security groups can still lead to 50 or 60 groups for a user. We also use groups for computer group policy and for software distribution so most computers would be 5-30 groups. There are a couple of apps using AzMan (data in CN=Program Data).

Groups aren't usually nested more than 3 or 4 deep because it gets hideously messy.

We have about 35,000 users and 20,000 groups.

Hope that helps.