Exporting conversations based on group membership
Created: 20 Dec 2010 | 5 comments
Is it possible, with IM Manager 2007 R2 8.4.1362 to export conversations based on group membership? Ideally, it would be based on AD group, but if there's some other method, I'm open to it. It seems as though it would be possible with some custom coding in the transform file.
Comments
Use export filters
This is possible. Export jobs can be filtered based on data from AD. See the following KB article on how to do this: http://www.symantec.com/business/support/index?page=content&id=TECH85942.
Unfortunately you probably won't be able to use actual Group membership. That information is in the member-of AD field. Typically the information in that field is larger than the IM Manager database field size and you may run into the following issue: http://www.symantec.com/business/support/index?page=content&id=TECH86378. Also multi-valued attributes sometimes are a problem when syncing from AD: http://www.symantec.com/docs/TECH89754.
Is the size limit different
Is the size limit different for different versions? On 8.4.1362 I'm seeing it truncated at 2000.
"LDAP Mirror Sync has truncated LDAP attribute values longer than 2000 characters to 2000 characters. Attribute name: memberOf"
The LDAP attribute character
The LDAP attribute character limitation is part of all versions of IM Manager and is not specific to your particular version.
This particular error is listed in the IM Manager Implementation Guide: Chapter 6: Setting Up Users and Groups: Working with LDAP: Synchronization history logs.
This error can be seen when there are users with a lot of group memberships in LDAP that IM Manager is attempting to sync with. The memberOf attribute stores a flattened list of all the groups that a user belongs to in LDAP.
I see why you chose that attribute, so that you could export for particular LDAP groups by using the LDAP attribute filters in the export job.
A workaround to this is to use attributes directly in LDAP, like the department name attribute, or use custom attributes (like extensionAttribute1 -> 15).
That being said, using groups is a great idea for IM Manager and I made a feature request (#2229848) with PM for you to get this included in a future release of IM Manager.
How can the
How can the extensionAttributes be applied to AD objects?
extensionAttributes1-15 are
extensionAttributes1-15 are built-in attributes in AD. They are typically left blank most of the time and are there to be used to add additional data to AD objects when the preexisting ones don't quite do the trick.
So in practice you could select and use any AD attribute that works for you with the IM Manager export. If another existing attribute other than the extensionAttributes works, IM Manager will be fine with that (as long as the attribute is smaller than 2000 characters).
If you do want to use those extensionAttributes you can try the following ways to update them depending on how many users you need to manage. Out of the box, the default Active Directory Users and Computers (ADUC) snap-in doesn't give you direct access to these extensionAttributes:
http://www.microsoftnow.com/2008/01/how-to-bulk-edit-active-directory.html
http://technet.microsoft.com/en-us/library/cc773354(WS.10).aspx
A script example:
http://blogs.technet.com/b/gary/archive/2010/02/02/quick-script-to-edit-a-attribute-in-ad-on-a-single-user-account.aspx
A VBS scripting example (there is an example about how to edit an attribute)
http://technet.microsoft.com/en-us/library/bb727091.aspx
If you are partial to perl (I know I am) you can even use this module:
http://search.cpan.org/~gbarr/perl-ldap-0.4001/lib/Net/LDAP/Examples.pod
Another VBS example script
http://blogs.technet.com/b/heyscriptingguy/archive/2005/03/23/how-can-i-set-an-active-directory-attribute-value-to-null.aspx
Any one of these can help you or your AD admin to update the specific attributes that you want. Bear in mind that updating attributes in AD can have repercussions on other applications in your environment. If you decide to edit an AD attribute be sure to double check to make sure that the value isn't used by any other application in your environment to avoid other problems.
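The workaround discussed in this thread, as an added PowerShell example that is not part of the original posts or of any Symantec or Microsoft script: it stamps one extensionAttribute on the members of an AD group so an export filter can match that attribute instead of memberOf, and refuses to run if the attribute already holds other data. It assumes the ActiveDirectory module (RSAT) is installed; the group name, attribute choice and tag value are hypothetical placeholders.

```powershell
# Added example; requires the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

$GroupName = 'IM-Export-Finance'      # hypothetical AD group
$Attribute = 'extensionAttribute10'   # assumption: unused in this forest
$Tag       = 'IMEXPORT-FINANCE'       # hypothetical value the export filter matches
$Limit     = 2000                     # truncation length quoted in the sync log message

# 1. Stop if the attribute already carries other data on any account,
#    since another application may depend on it.
$inUse = Get-ADUser -LDAPFilter "($Attribute=*)" -Properties $Attribute |
    Where-Object { $_.$Attribute -ne $Tag }
if ($inUse) {
    $inUse | Format-Table SamAccountName, $Attribute | Out-Host
    throw "$Attribute is already populated on $(@($inUse).Count) account(s); pick another attribute."
}

# 2. Resolve group members (nested groups expanded), users only.
$members = Get-ADGroupMember -Identity $GroupName -Recursive |
    Where-Object { $_.objectClass -eq 'user' }
$memberDns = @($members | ForEach-Object { $_.distinguishedName })

foreach ($dn in $memberDns) {
    $u = Get-ADUser -Identity $dn -Properties memberOf, $Attribute

    # Approximate the synced size of memberOf; how IM Manager joins the
    # values is an assumption, so treat this as an indicator only.
    $len = (@($u.memberOf) -join ';').Length
    if ($len -gt $Limit) {
        Write-Warning "$($u.SamAccountName): memberOf is about $len characters (limit $Limit)"
    }

    if ($u.$Attribute -ne $Tag) {
        # -WhatIf shows the change without writing; remove it to apply.
        Set-ADUser -Identity $u -Replace @{ $Attribute = $Tag } -WhatIf
    }
}

# 3. Clear the tag from accounts that have left the group, so the export
#    filter does not keep matching former members.
Get-ADUser -LDAPFilter "($Attribute=$Tag)" |
    Where-Object { $memberDns -notcontains $_.DistinguishedName } |
    ForEach-Object { Set-ADUser -Identity $_ -Clear $Attribute -WhatIf }
```

Run it with `-WhatIf` in place first and review the proposed changes; the tag must be re-applied on a schedule because it does not follow later group membership changes by itself.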