A user group makes assigning and managing permissions easier by gathering users into one group. The existence of user groups isn't visible in the application's user interface unless you use role badges for the group.
An example of a user group is a group called hr_users that includes users who work in the human resources department as members.
User groups are made up of members and administrators. Unless they have access to the Admin Console, members typically aren't aware that they're in a user group. The member's account defines (at least partially) their access to the application features. Group administrators have access to the area of the Admin Console through which they can manage settings and membership for a group they're administering.
By default, even if your community uses an LDAP or Active Directory database (or some custom solution), the users you add through the Admin Console are added to the application's database and not the external system. It is also possible that user accounts are managed by the external system, but the groups they're members of are created and managed locally in the application database. How user groups are managed is defined when the external system is connected to the application.
For more information on connecting an external LDAP or Active Directory system, see Setting up LDAP and Active Directory.