this applies to single DC for multiple customers

Because the CUST domain is a "shared environment" the Operations Engineering team in conjuction wiht the security team has decided to lock down general read access to other customer objects. As such, in order to be able to view a customers OU and all the LDAP objects located in there you have to add the AD object to the following group:

customername_LDAP_Access

Note that "customername" is typically the customer name of the OU created in Active Directory. The location of this group is in the following path:

/Customers/customername/Security Group

Do note that both users AND groups can be added to this LDAP group to keep administration to a minimum.