We can manage users of SharePoint sites more efficiently if you assign permission levels to groups instead of to individual users. A SharePoint group is collection of individual users and also includes the Active Directory Service groups.
For Example :
Just assume that a organization have a Active Directory and SharePoint Server.
Now we have IT-Development group in the AD so we can give permission to all the IT Team on any SharePoint Site by simply add the IT-Development group to SharePoint Site Members group.
Adding Security groups to SharePoint Group provides centralized management of Groups and Security. Once you add the security group ( IT-Development) to a SharePoint Group, we don't have to manage security group members in the SharePoint Group. If we delete a member from the IT-Development security group, then user will automatically removed from the SharePoint Group. I can say it's easiest way to giving the permission to users to SharePoint sites rather than individual IT-Development users.
- Active Directory is a server and it maintain users and groups of an organization.
- Active Directory commonly uses the following groups.
- Distribution Group: This groups used only for e-mail distribution and the security is not enabled on it.
- Security Group: A Group that can be listed in discretionary access control list (DACLs). It can also used as an e-mail entity.
- Suppose I just created IT-Development Security group in my active directory and added the IT development team.