If you are using Openfire and want to restrict who can use it via an AD group, there are several posts of how to do this in older versions. In Openfire 3.6.4, you do this by setting a filter under Users->Advanced. Let's say you have an OU called "Groups," and you only want members of the group "IMUsers" to be able to log in to Spark (or the IM client of your choice). You'd set the base DN to dc=domain,dc=com, and use the below filter on the users page, changing the domain name accordingly:
You can also set this after the fact editing the system property ldap.searchFilter.
MAKE SURE YOU ARE A MEMBER OF THIS GROUP BEFORE YOU SAVE YOUR CHANGES OR LOG OUT OF THE ADMIN CONSOLE.
When you test this, you should only see the members of the group displayed. Additionally, when you look at the groups, you should only see one (not making any changes to the groups filter). I found lots of posts with people saying they figured this out, but not presenting the solution. Perhaps this helps someone.