LDAP search multiple branches

EDIT!!! Optimized the code and only one user for binding.

Only four years later I got it working with multiple branches (organisational units). :joy:
I created a bind user directly in the Users directory (not an OU) of the AD. This user is used to connect NethServer to the AD and for SOGo. Therefore I built a custom template 45user_source at

/etc/e-smith/templates-custom/etc/sogo/sogo.conf

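{
    # Template fragment 45user_source: appends the SOGoUserSources section of
    # sogo.conf to $OUT, using the account provider settings reported by
    # NethServer::SSSD. One branch handles a plain LDAP provider, the other an
    # Active Directory provider with one users source and one groups source
    # per organisational unit.
    #
    # NOTE(security): the bind password is written in clear text into the
    # generated sogo.conf. Keep that file readable only by the SOGo service
    # account and give the bind user read-only rights in the directory.
    #
    # Comments in this fragment deliberately contain no curly braces: the
    # template source escapes the literal braces of the output with a
    # backslash, so unbalanced ones are best avoided here.
    use NethServer::SSSD;
    my $sssd = NethServer::SSSD->new();

    my $bindDN       = $sssd->bindDN();
    my $userDN       = $sssd->userDN();
    my $groupDN      = $sssd->groupDN();
    my $bindPassword = $sssd->bindPassword();
    my $ldapURI      = $sssd->ldapURI();

    # Both values are emitted inside double-quoted strings below. A backslash
    # has to be doubled there, and a double quote has to be backslash-escaped,
    # otherwise a password containing a quote ends the string early and breaks
    # (or alters) the generated configuration. The original substitution
    # s/"/\"/ replaced a quote with itself, only once, and only for AD.
    $bindDN       =~ s/\\/\\\\/g;
    $bindPassword =~ s/(["\\])/\\$1/g;

    # When the provider uses StartTLS, request it through the LDAP URL
    # extension; the leading "!" marks the extension as critical.
    # NOTE(review): if startTls is off and the URI is plain ldap://, the bind
    # password and user logins presumably cross the network unencrypted;
    # confirm the provider uses ldaps:// or StartTLS.
    if ($sssd->startTls()) {
        $ldapURI .= '/????!StartTLS';
    }

    # Select the email field in case of a Microsoft AD bind.
    my $CustomEmailField = $sogod{'CustomEmailField'} || 'userPrincipalName';

    if ($sssd->isLdap) {
        # user source: ldap
        $OUT .= <<EOF;

  /* 45 ldap authentication */
    SOGoUserSources =(
     \{   
        id = groups;
        type = ldap;
        CNFieldName = cn;
        UIDFieldName = cn;
        IDFieldName = cn;
        baseDN = "$groupDN";
        bindDN = "$bindDN";
        bindPassword = "$bindPassword";
        scope = ONE;
        canAuthenticate = YES;
        MailFieldNames = ("mail");
        displayName = "$SystemName groups";
        hostname = $ldapURI;
        isAddressBook = YES;
     \},
     \{   
        id = users;
        type = ldap;
        CNFieldName = cn;
        UIDFieldName = uid;
        IDFieldName = mail;
        bindFields = (
                mail,
                uid
            );
        IMAPLoginFieldName = mail;
        baseDN = "$userDN";
        bindDN = "$bindDN";
        bindPassword = "$bindPassword";
        scope = ONE;
        MailFieldNames = ("mail");
        canAuthenticate = YES;
        displayName = "$SystemName users";
        hostname = $ldapURI;
        isAddressBook = YES;
     \}
    );
EOF

    }
    elsif ($sssd->isAD) {
        # user source: AD
        # The baseDN values below are placeholders: replace each one with the
        # distinguished name of an organisational unit that should be
        # searched. Every OU gets its own users source and groups source, and
        # every id must stay unique.
        $OUT .= <<EOF;

  /* 45 AD authentication */
    SOGoUserSources =(
     \{ 
        id = AD_Users_1;
        type = ldap;
        CNFieldName = cn;
        IDFieldName = sAMAccountName;
        UIDFieldName = sAMAccountName;
        IMAPLoginFieldName = $CustomEmailField;
        canAuthenticate = YES;
        bindDN = "$bindDN";
        bindPassword = "$bindPassword";
        baseDN = "OU=MyOrganisationUnit_1,DC=MyDomainName,DC=local";
        bindFields = (
                sAMAccountName,
                $CustomEmailField
            );
        hostname = $ldapURI;
        filter = "(objectClass='user') AND (sAMAccountType=805306368)";
        MailFieldNames = ("$CustomEmailField");
        scope = SUB;
        displayName = "$DomainName users";
        isAddressBook = YES;
     \},

   \{
        id = AD_Users_2;
        type = ldap;
        CNFieldName = cn;
        IDFieldName = sAMAccountName;
        UIDFieldName = sAMAccountName;
        IMAPLoginFieldName = $CustomEmailField;
        canAuthenticate = YES;
        bindDN = "$bindDN";
        bindPassword = "$bindPassword";
        baseDN = "OU=MyOrganisationUnit_2,DC=MyDomainName,DC=local";
        bindFields = (
                sAMAccountName,
                $CustomEmailField
            );
        hostname = $ldapURI;
        filter = "(objectClass='user') AND (sAMAccountType=805306368)";
        MailFieldNames = ("$CustomEmailField");
        scope = SUB;
        displayName = "$DomainName users";
        isAddressBook = YES;
     \},

     \{
        id = AD_Groups_1;
        type = ldap;
        CNFieldName = name;
        IDFieldName = sAMAccountName;
        UIDFieldName = sAMAccountName;
        canAuthenticate = YES;
        bindDN = "$bindDN";
        bindPassword = "$bindPassword";
        baseDN = "OU=MyOrganisationUnit_1,DC=MyDomainName,DC=local";
        hostname = $ldapURI;
        filter = "(objectClass='group') AND (sAMAccountType=268435456)";
        MailFieldNames = ("mail");
        scope = SUB;
        displayName = "$DomainName groups";
        isAddressBook = YES;
     \},

     \{
        id = AD_Groups_2;
        type = ldap;
        CNFieldName = name;
        IDFieldName = sAMAccountName;
        UIDFieldName = sAMAccountName;
        canAuthenticate = YES;
        bindDN = "$bindDN";
        bindPassword = "$bindPassword";
        baseDN = "OU=MyOrganisationUnit_2,DC=MyDomainName,DC=local";
        hostname = $ldapURI;
        filter = "(objectClass='group') AND (sAMAccountType=268435456)";
        MailFieldNames = ("mail");
        scope = SUB;
        displayName = "$DomainName groups";
        isAddressBook = YES;
     \}
    );
EOF

    }
} 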

Now we have to expand the template:

expand-template /etc/sogo/sogo.conf

Also I updated sogo config with:

signal-event nethserver-sogo-update

Hope this can help some others. If somebody has problems, I will try to help.