Under ACS 5.1 this is almost certainly possible - Under 4.2..... hmm I don't think so.
However, as AD users can be member of multiple groups is there any reason why your 2000 users on your new site can't have a number of AD security groups created, which you can then map against ACS group to give you your configuration basis for VLAN overrides?
So assuming your new users are in one AD group called Users. There is no technical reason they could not also be part of a group called GroundFloorUsers, FirstFloorUsers and so on. Then you can map GroundFloorUsers to a new ACS group and input the VLAN override details.
You could have used LDAP as an authentication request as a second external database which you can map against different ACS groups but I am pretty sure this configuration doesn't support 802.1x (only PAP/ASCII type requests)
Paul