Yes, you can do this; I"ve used it many times. The filter is:
Connection --> NAD-IP-Address --> BELONGS_TO_GROUP --> Name of your group
This coupled with services for each region will allow UK controllers to authenticate against UK domain controllers and so on.