Here I was, banging my head into the proverbial wall over why in MOSS 2007 I was able to use a service account with read permissions to Active Directory, but when setting up SharePoint 2010’s User Profile Import to AD it kept breaking. Then I stumbled across this article. So I contacted our network guys, who created a service account with permissions as indicated in this KB article:
And lo and behold, all problems are solved! SharePoint 2010 now imports user profiles from Active Directory without issues!