Within httpd.conf you should be able to set a <directory> container so that it restricts access to only the domain specified:

<Directory />
Order deny,allow
Deny from all
Allow from .your_domain.com
</Directory>

You will want to find the <directory> container that applies globally to the server so that any other hosts defined will come under it's influence unless you specifically override it with another <directory> directive for that host's directory path.

can the "allow from " command check that users are from a NT/ domain? This won't be a http: address.

<background>It is an intranet site which we want to keep seperate from the rest of the departments. Each Department has it's own domain name which all servers sit within, we don't want to use I.P. addresses because they are changed weekly
</background>

No it will not work with NT domains (different context), and I guess all the clients have the same host domain so it becomes impractical to allow or deny by host/domain. I don't know as much about NT as *nix setups, but can the clients not be made to authenticate in the NT domain where they will have access to the intranet for that domain?

There are others here that will know much more about NT, they will likely have a better answer than I can provide.

To answer my own question in case anyone else has the same problem. There is a module available which will provide access restictions from the NT Domain.
[syneapps.com...]