Someone on the SharePoint forums asked about the difference between these two types of security groups. Here are the ones I could think of:
Domain Groups
-
Normally created and maintained by the IT department
-
Can be used across different SharePoint sites and site collections
-
Organisations may already have good AD group structures that map well to your SharePoint implementation
-
Groups can be nested - e.g. you can add another AD Group as a member to an existing AD group
-
No features for users to submit a request to join a group
SharePoint Groups
- The creation of groups can be done by business users
-
When a group is being created, you can define who "owns" the group
-
Can allow users to submit a request to join a group
-
Can determine who has permissions to see the users within groups
-
Groups are created within a particular Site Collection - cannot be used in other site collections
-
You cannot add a SharePoint Group as a member of another SharePoint group (no nesting)
-
SharePoint Groups cannot be used in other systems (e.g. network Shares)
-
The SharePoint Groups are separate from Active Directory - so you can go wild with the SharePoint Groups without upsetting your AD administrator
