Thank you for the reply, Dieter. I tried the following config:

rwm-suffixmassage       "ou=user,dc=company,dc=com" "OU=All Users,dc=internal,dc=company,dc=com"
rwm-map attribute uid sAMAccountName

Simple searches work ( ldapsearch -W  -x -b "ou=user,dc=company,dc=com" uid=michael), but some of our application needs to specify the binding of which OU the user belongs to. From the above example, if we do a search on proxy with "ldapsearch -xW -b "cn=Michael Lois,ou=user,dc=company,dc=com", the proxy would need to translate it into "cn=Michael Lois,ou=Accounting,OU=All Users,dc=internal,dc=company,dc=com" on AD, without the need for user to provide that Michael Lois on the Accounting OU. Is this possible?

I think my problem is similar to this one in the older thread in 2009, but seems like this quesiton was still open:

http://www.openldap.org/lists/openldap-technical/200902/msg00090.html