Wednesday, October 31, 2007

Difference between SharePoint and AD Groups

Someone on the SharePoint forums asked about the difference between these two types of security groups. Here are the ones I could think of:

Domain Groups

  • Normally created and maintained by the IT department

  • Can be used across different SharePoint sites and site collections

  • Organisations may already have good AD group structures that map well to your SharePoint implementation

  • Groups can be nested - e.g. you can add another AD Group as a member to an existing AD group

  • No features for users to submit a request to join a group

SharePoint Groups

  • The creation of groups can be done by business users
  • When a group is being created, you can define who "owns" the group

  • Can allow users to submit a request to join a group

  • Can determine who has permissions to see the users within groups

  • Groups are created within a particular Site Collection - cannot be used in other site collections

  • You cannot add a SharePoint Group as a member of another SharePoint group (no nesting)

  • SharePoint Groups cannot be used in other systems (e.g. network Shares)

  • The SharePoint Groups are separate from Active Directory - so you can go wild with the SharePoint Groups without upsetting your AD administrator