The basic setup is an airlocked entry atrium, with a meeting area, a food stockpile supplied by a dropchute, and a series of very special bedrooms that are marked as dormitories.
A sleepy UristMcMigrant will be unable to get to a vacant bedroom past the airlocks, and so will path to a dorm bed. Each dorm is a 1xN tube, with bridges that raise and lower to block or allow entrance/exit. It basically looks like this:
Fortress side. Migrant side
+++O=============O+++++
+++PB+++P+b+P+P+B+++++
+++O=============O+++++
The default is for the migrant side bridge to be down, and the fortress side bridge to be up.
Sleepy migrant enters, and steps on plate #1. This raises the bridge behind him, and keeps UristMcVampire out. He continues blissfully toward the bed (b), and steps on plate #2. This opens the bridge on the fortress side. He then takes his nap in the bed, wakes up, and paths to the nearest meeting hall. The way behind him is now blocked, and since he took a nap, he is clear for entry. As he moves forward, he steps on plate #3, which opens the bridge behind him, and later steps on plate #4, which closes the bridge behind him. Note how the walls extend past the bridge, and straddle plate #4, which not only forces UristMcMigrant to step on it, but also greatly reduces the risk that an errant dwarf on the inside will press it, toggling the bridge, and breaking the automation.
The result of letting this automated system run is that UristMcVampire gets segregated out of the normal fortress population, and stays in the atrium. This makes drafting him into a vampire military unit, and stationing him in an isolated guardhouse much easier, without ever actually blowing his cover. Ideally, these dorms will be many tiles distant from the meeting hall, so that by the time UristMcMigrant gets into the bed, and before the bridges toggle, UristMcVampire can't possibly path in time to get to him. If UristMcMigrant is dumb enough to sleep on the atrium floor, he deserves what he gets.
Lockdown mode for the migrant processing atrium, and opening the merchant access should allow for cleared dwarves to interact with merchants, and keep uncleared dwarves from running in with them.