
Active Directory Question

Iristheangel Mod Posts: 4,133
This isn't really a certification question but I was hoping you guys could help me out here. My enterprise runs Server 2003 and we give VPN access to users by adding a VPN global group membership to their AD account. Yesterday we had a meeting with our networking team about VPN compliance and they were claiming that we could add expiration dates for specific users for that specific AD membership so they wouldn't have VPN access forever. For example, we use the membership "VPN-Contractors" to grant all contractors VPN access. Basically the networking guys in our organization are saying we can add all the contractors to this one global group and somehow set up a bunch of different "expiration dates" (not expiration dates on the account, but a different expiration date per user on the global group) that will automatically remove each person from the group at a different time.
I've never heard of this being done on 2003 before (not sure if it's a 2008 thing) and googling turned up nothing. I'm assuming the networking guys don't really know anything about AD but just verifying with the rest of you.
BS, MS, and CCIE #50931
Blog: www.network-node.com

Comments

  • crrussell3 Member Posts: 561
    The only way I can think of to automatically remove a user from a group on a specific date is to write a script that will perform that function for you and set it as a scheduled task.
    MCTS: Windows Vista, Configuration
    MCTS: Windows WS08 Active Directory, Configuration
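
One way to write the script suggested in the comment above, as an added example that is not part of the thread: it keeps a per-user expiry list for the VPN-Contractors group and removes members whose date has passed, using ADSI so it does not depend on the ActiveDirectory module. The group DN, user DNs, dates and the `-Apply` switch are assumptions made for illustration.

```powershell
# Added example: expire per-user memberships of one AD group via ADSI.
param(
    [string]$GroupDN = 'CN=VPN-Contractors,OU=Groups,DC=example,DC=com',  # assumed DN
    [switch]$Apply   # without -Apply the script only reports and never contacts the directory
)

# Constructed sample data. In production, keep this list in a CSV file that only
# administrators can write, and load it with Import-Csv instead.
$expiryList = @'
UserDN,Expires
"CN=Alice Example,OU=Contractors,DC=example,DC=com",2010-01-31
"CN=Bob Example,OU=Contractors,DC=example,DC=com",2999-12-31
"CN=Carol Example,OU=Contractors,DC=example,DC=com",not-a-date
'@ | ConvertFrom-Csv

function Get-ExpiredEntry {
    param($Entries, [datetime]$Now)
    $inv   = [Globalization.CultureInfo]::InvariantCulture
    $style = [Globalization.DateTimeStyles]::None
    foreach ($e in $Entries) {
        $when = [datetime]::MinValue
        $ok = [datetime]::TryParseExact($e.Expires, 'yyyy-MM-dd', $inv, $style, [ref]$when)
        if (-not $ok) {
            # A malformed date is flagged for a human; the membership is left alone.
            Write-Warning "Unparseable expiry for $($e.UserDN): '$($e.Expires)'"
            continue
        }
        # Access ends at the start of the day after the expiry date.
        if ($Now -ge $when.AddDays(1)) { $e }
    }
}

$expired = @(Get-ExpiredEntry -Entries $expiryList -Now (Get-Date))
if ($Apply) { $group = [ADSI]"LDAP://$GroupDN" }

foreach ($e in $expired) {
    $path = "LDAP://$($e.UserDN)"
    if (-not $Apply) { Write-Output "DRY RUN: would remove $($e.UserDN)"; continue }
    # IsMember and Remove are IADsGroup methods, called through DirectoryEntry.Invoke.
    if ($group.psbase.Invoke('IsMember', $path)) {
        $group.psbase.Invoke('Remove', $path)
        Write-Output "$(Get-Date -Format s) removed $($e.UserDN) from $GroupDN"
    }
}
```

Run daily from Task Scheduler under an account delegated only the right to modify that group's membership, and keep the output as an audit trail. Removal applies to new authentications; a VPN session that is already established is not ended by the group change.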