In Active Directory, a security group can be assigned rights and permissions. Users belonging to a security group inherit the rights and permissions specific to this group.
Security groups are in contrast to distribution groups. Distribution groups exist for email applications only. Distribution groups do not have rights and permissions. Groups can be either of type security group or distribution group.
The scope of security groups can be:
Local security groups are specific to a particular machine. Domain local groups a specific to a particular domain. Global groups exist to give members of a domain local group access to resources in other domains. A global group from one domain can be made a member of a domain local group in another domain. Universal groups provide access to resources across entire trees or forests. A user in any domain in a forest can be made a member of a universal group. Universal groups can be made members of domain local groups.