As I work with the pros trying to build our Identity and Access Management system one of my goals is to learn as much as possible along the way. The pros I'm referring to are top business partners like SCS and SPS or the guys/gals straight from the Tivoli Software group.
The first tips I've learned is regarding the ITIM Organization tree:
1.) It's all about admin - The tree needs to be designed based on who will be managing it. If you are delegating administration of the ITIM to departments, divisions, countries, cities or buildings then it makes sense to organize it in such a way that users are grouped into "administration containers".
2.) 1000 or less is best - ITIM will have performance and usability issues if you place more than 1000 or so users into a container. It's helpful to keep your containers under that number. So you may have to divide the users up. In my case we have thousands of users so we might be looking at 5 or 6 levels deep.