| Subcribe via RSS

SharePoint Groups vs. Active Directory Groups

Mai 19th, 2009 Posted in SharePoint

I’ve discussed this topic quite often during the last months. After those discussions I figured out that its more a question when to use what kind of group rather than what kind is better than the other. In this post I just write down some advantages and disadvantages of the group types and let you choose what kind fits better for your needs.

SharePoint Group Active Directory Group
plus Members of this group can be added/removed from within SharePoint. The permission to add or remove users from the group can be delegated to SharePoint users. plus Members of this group can be managed within Active Directory. Only Active Directory administrators have the permission to modify group memberships.
plus Members of this group can be visible to users. minus Members of this group are not visible to users.
minus Cannot contain another SharePoint group as member. plus Can contain another Active Directory Group.
plus Must have a unique name on site collection level. The name is the unique identifier of the group. minus Can cause serious problems in lage scale scenarios: A user might only be a member of 1024 Active Directory groups (recoursively). If this number is reached the user is no longer able to log on to Windows.
Read the Microsoft documentation for more information.
plus Can contain SharePoint users that do not exist in the Active Directory.
Tags: , , ,
This entry was posted on Dienstag, Mai 19th, 2009 at 12:20 am and is filed under SharePoint. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

4 Responses to “SharePoint Groups vs. Active Directory Groups”

  1. Mads Nissen Says:

    Mai 20th, 2009 at 12:46 pm

    Might be relevant to add a “With 3rd party” rowset to the matrix. I.e. with 3rd party activedirectory webparts you’ll be able to explode groups and see users, and potentially also manage some AD OUs from a sharepoint environment.


  2. Alexander Brütt Says:

    Mai 25th, 2009 at 10:50 pm

    Hi Mads, indeed there is a builtin Web Part that displays the members of an Active Directory Group. I should mention this in the post.

    If you have any examples for 3rd party tools just let me know. I havent’s seen any 3rd party SharePoint controls yet that can manage AD items (Groups/OUs).


  3. Tom Winter Says:

    Juni 3rd, 2009 at 2:30 pm

    Possibly another thing to add is that you cannot “normally” create alerts for SharePoint groups, as you can for AD groups. Here’s a workaround though: http://www.amosfivesix.com/sharepoint/21-how-to-create-alerts-for-sharepoint-groups


  4. Phil Says:

    April 14th, 2010 at 7:52 pm

    There is no builtin webpart that will display the members of an AD group, only SharePoint groups.


Leave a Reply