Is it possible to define a policy which restricts a user to enumerating only the accounts in his own OU?

For example, let's consider a domain Contosos and OUs Sales and HR. The Sales OU has two users, A and B, and the HR OU has users C and D.

Is it possible to define a policy so that A can only enumerate accounts A and B, and C can only enumerate C and D, and neither can enumerate the accounts outside their own OU?

+1  A: 

Don't do that!

But you can create a group for each OU and put the OU's users in the group. Then you can change the permissions on every other OU to deny this group the "List Contents" permission. I don't think there is a way to configure this without scripting, but as the rule is simple, it can be scripted.

That said, I would advise you not to dare to change the Active Directory default permissions without having a dedicated group of experts on this specific subject. You can quite easily render your network useless with just a few clicks. And even if you don't, there is a chance that programs that have expectations of Active Directory security (without even realizing it) will suffer from subtle errors.

So the rule is: if you have to ask, don't do it. If you need to become an expert, then:

http://www.google.com/search?hl=en&q=active+directory+permission+site:microsoft.com&btnG=Search

Update: The "if you need to ask" rule refers to asking on a public site like this, where non-experts like me can give you potentially misleading information, as mine may be (I hope not, but...). I am not sure that your requirement doesn't have a simple solution. But as far as I know, this is a path that has burned more than a few brave souls.

Igal Serban
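The "group per OU, deny List Contents everywhere else" scheme from the answer above, scripted in PowerShell as an added example (this is not code from the original post or from any Microsoft documentation). It assumes the RSAT ActiveDirectory module with its AD: drive, a domain whose OUs are named Sales and HR directly under the domain root, and a group naming convention of OU-Members-<OU>; all of those names are assumptions. Run it in a lab, not production, and export the OU ACLs first so you can restore them.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory
# module (RSAT) and the AD: PSDrive it provides. OU names and the group
# naming convention "OU-Members-<OU>" are assumptions; adjust to taste.
Import-Module ActiveDirectory

$domainDN = (Get-ADDomain).DistinguishedName
$ouNames  = @('Sales', 'HR')          # assumed OUs directly under the domain root

# Step 1: one security group per OU, containing that OU's user accounts.
foreach ($ou in $ouNames) {
    $ouDN      = "OU=$ou,$domainDN"
    $groupName = "OU-Members-$ou"
    if (-not (Get-ADGroup -Filter "Name -eq '$groupName'")) {
        New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security -Path $ouDN
    }
    $users = Get-ADUser -SearchBase $ouDN -SearchScope Subtree -Filter *
    if ($users) { Add-ADGroupMember -Identity $groupName -Members $users }
}

# Step 2: on every *other* OU, add an explicit Deny ACE for "List Contents"
# (ActiveDirectoryRights::ListChildren) to that OU's group. An explicit
# Deny wins over the default Allow that Authenticated Users inherit.
foreach ($ou in $ouNames) {
    $groupSid = (Get-ADGroup -Identity "OU-Members-$ou").SID
    foreach ($other in ($ouNames | Where-Object { $_ -ne $ou })) {
        $path = "AD:\OU=$other,$domainDN"
        $acl  = Get-Acl -Path $path
        $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
            $groupSid,
            [System.DirectoryServices.ActiveDirectoryRights]::ListChildren,
            [System.Security.AccessControl.AccessControlType]::Deny,
            [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None)
        $acl.AddAccessRule($rule)
        Set-Acl -Path $path -AclObject $acl
    }
}

# Step 3: read the result back. Each OU should now carry one Deny ACE per
# foreign group; verify before anyone logs on against these OUs.
foreach ($ou in $ouNames) {
    Get-Acl -Path "AD:\OU=$ou,$domainDN" |
        Select-Object -ExpandProperty Access |
        Where-Object { $_.AccessControlType -eq 'Deny' -and
                       $_.IdentityReference -like '*OU-Members-*' } |
        Select-Object @{n='OU';e={$ou}}, IdentityReference, ActiveDirectoryRights
}
```

Two caveats a practitioner would want before running this anywhere real. First, the script only touches the OUs you list: a Sales user still sees accounts in the default Users container, in any OU you forgot, and every object for which the default Authenticated Users read permissions apply, so this does not hide "everything outside my OU" without a much longer list of Deny ACEs. Second, Deny ACEs on containers are exactly the kind of non-default permission the answer warns about; service accounts, helpdesk tools, and anything that walks the tree will behave differently for members of these groups, so keep the ACL export from Get-Acl at hand to revert with Set-Acl.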
A: 

Good point! I myself have no idea how to do it; however, Igal Serban's answer touched me. He is right: in a public forum, if you take immature suggestions you will pay much for it. I was bitten for that reason once.

Read some books or consult some experts!