LDAP Authentication with Group Membership

I am in the process of setting up authentication via Active Directory LDAP.  I have it working just fine for everyone in my AD to log in to CQ5, but I actually have about 1000 AD users and only 10 of my developers will be using CQ, at least in our test phase.  I would like the authentication process to only create new users in CQ based on their membership in an AD group.  Is this possible?  How do I define that within my LDAP_Login.conf file?  I have tried a couple of settings, and I either get no one able to log in, or everyone able to log in.  My AD tree is also very departmentalized, so I can't put everyone who is going to use the software in one directory, although I have created a group for these 10 developers that I can put put anywhere in the tree (right now it is at the root, i.e., "CN=CMS_Users,OU=CAES,DC=CAESAD,DC=UGA,DC=EDU"

Here is what I have at present:

              userRoot="OU=CAES,DC=CAESAD,DC=UGA,DC=EDU"
              userFilter="(objectclass=person)"
              userIdAttribute="sAMAccountName"

              groupRoot="OU=CAES,DC=CAESAD,DC=UGA,DC=EDU"
              groupMembershipAttribute="uniquemember"

              autocreate="create"
              autocreate.user.mail="profile/email"
              autocreate.user.givenname="profile/givenName"
              autocreate.user.familyname="profile/sn"
              autocreate.user.cn="rep:fullname"
              autocreate.user.sn="cq:last-name"
              autocreate.user.description="profile/aboutMe     
              autocreate.path="splitdn"
              cache.expiration="600"
              cache.maxsize="100";

Thanks!

Diana