I still haven't found a solution, but I think the problem has to do with AD groups not being recognized correctly. In our AD environment, we are using simple authentication and don't use SSL. When I log into VCD at the root level, I am able to add AD users/groups; when I log in to VCD at the organizational level, I can only add groups but can't add users. FWIW, I'm logging in with a system administrator account.
Again, I get the following error message when trying to import AD groups at the organizational level: "error searching in a groups or users identity source."
Can anyone tell me what this error means?