Trying to lock down OU for a department, but allow one uer to add, delete or modify users and security groups.  Not allow them to see other OUs in AD.

Hi

 Open Active Directory Users and  Computers, select OU(Which you want to allow user to configure), then right click ->select Delegate Control->add user->Select "Create,delete and manage user accounts" & "Create,delete and manage groups" then follow the steps.

Trying to lock down OU for a department, but allow one user to add, delete or modify users and security groups.  Not allow them to see other OUs in AD.

This is actually a better question for the dedicated WinDS forum (it's not really a GP question at all):
https://social.technet.microsoft.com/Forums/en-US/home?forum=winserverDS

You can delegate control of an OU to a user (without granting control to other OUs) as Burak suggests.

You can't (and shouldn't) disallow a user to "see other OUs in AD"...