If they are users on the server you should be able to granulate the security. Just make sure you don't put the users in a group which allows them total access. Have a group for each domain and add users to those groups as needed.
Yes, you can get pretty granular with your user permissions and rights with active directory. Depending on what your needs are, you can utilize the built-in domain groups or build your own custom priviledge sets with custom groups and GPOs. It really depends on what the users need access and rights to do. It could be simply file and directory permissions or more complex integration with GPOs.