As more customers adopt SharePoint 2010 and implement its various features, one thing we are starting to see requests around is the ability to limit the number of users imported from AD based on group membership.
In SharePoint 2007, this functionality was achievable by expressing an LDAP filter such as: (&(objectClass=user)(memberOf=<DNofSomeGroup>))
SharePoint 2010 no longer has this ability because the profile sync feature was completely overhauled and we now rely on FIM 2010, which does not allow filtering on "reference attributes" like memberOf, manager, etc.
In light of that, our goal here is to show a couple of alternative options in SP2010 for solving whatever business problem is driving the need to filter by group.
Some of these options may not be feasible depending on your business scenario, so pick whichever works best.
Why can SharePoint 2010 work the same as 2007???
Agreed, this seems like a huge step backwards. Even worse, it was not fixed in SP 2013!