if you're considering VLANs ... you'll need a layer 2 switch capable of this service. They're usually called "managed switches". Very cool ... creates logical groupings of pc's that might not necessarily be physically close together. Reduces broadcast traffic, by grouping "depts" that communicate with each other on a more frequest basis. You mentioned you have 5 departments you're creating. AD and DNS is a great way to start. To further enhance your network, VLAN's would certainly be a step in the right direction ... view it as an additional security feature as well.