First off an Active Directory group is a collection of Active Directory objects. An Active Directory object can be a user account, computer account, contact, etc.
The two types of groups are Security and Distribution.
- Security groups are used to grant or deny access to resources on the network.
- Distribution groups are used to send email to a list of contacts. They cannot be used in place of Security groups.
- Domain Local groups are used to grant members access to resources only in the same domain to which they are members.
- Global group members are in the same domain as the group and can be granted access to resources in other domains.
- Universal group members come from any domain and access resources in any domain.