SharePoint Groups vs. Active Directory Groups
I’ve discussed this topic quite often during the last months. After those discussions I figured out that its more a question when to use what kind of group rather than what kind is better than the other. In this post I just write down some advantages and disadvantages of the group types and let you choose what kind fits better for your needs.
| SharePoint Group | Active Directory Group | ||
 |
Members of this group can be added/removed from within SharePoint. The permission to add or remove users from the group can be delegated to SharePoint users. | |
Members of this group can be managed within Active Directory. Only Active Directory administrators have the permission to modify group memberships. |
|
Members of this group can be visible to users. |  |
Members of this group are not visible to users. |
|
Cannot contain another SharePoint group as member. | |
Can contain another Active Directory Group. |
|
Must have a unique name on site collection level. The name is the unique identifier of the group. | |
Can cause serious problems in lage scale scenarios: A user might only be a member of 1024 Active Directory groups (recoursively). If this number is reached the user is no longer able to log on to Windows. Read the Microsoft documentation for more information. |
|
Can contain SharePoint users that do not exist in the Active Directory. | ||