I have something like this working. I have two guest forms called longterm and shortterm. Any of the company employees can create a shortterm guest ID valid upto a month by logging in with their AD account. They have no other rights. Then admin users who are a member of a special AD group can log in and only hit the longterm page for accounts valid up to a year. Both options have a range of options for how long to make the account. Shortterm accounts are valid 1,2,3,5 days, 1,2 weeks or 1 month. Longterm is 2,3,6 months or a year. My only issue is the admin users can not create short term accounts unless they log in with a non AD account. In my case they use a lotus notes account and that allows them to creat the short term accounts if needed. On the operator login page I just have the instructions explaining the difference.