Hi,
One way to deal with it could be to retrieve the user DN as an authorization attribute then match it against a specific pattern. Assuming the location OUs have some kind of repeated naming pattern.
Example:
Lets say you get this user DN from the AD authz source: "cn=Jim Smith,ou=branchOffice_a,ou=West,dc=Domain,dc=com"
Then your role mapping rule could be something along the lines of:
Authorization:AD:DistinguishedName CONTAINS "branchOffice_"
or something more precise like:
Authorization:AD:DistinguishedName MATCHES "cn=[\w\s]+,ou=branchOffice_\w,dc=Domain,dc=com"