We have a terminal server hosting applications for several clients. We're organizing things by putting each client's users into their own OU. One of these clients has reqested control over their OU and the users/groups in there. I understand the whole delegation thing and can give him control over his OU, but I would like to hide every other object that he does not have control over (the Domain Controllers, Computers, Builtin folders, etc). Of course he doesn't have permission to edit anything in these other folders, but is there any way to let him see only the OU under his control?