Ah. Then my first reaction is that it is not a very good design.
I would've thought that the point of using groups is to not manage individual users in the console, much like other management consoles (McAfee's ePO comes to mind - you can add a single AD group and assign roles to it... individual users never come into play). It seems in this case groups are only used for the initial granting of roles and scopes. After that, if you want to remove that user, it's double the work - remove them from the AD group AND from the LANDesk console.
Hopefully I am understanding this correctly... please school me if I'm on the wrong track! I just don't see the purpose of using groups now. I have defined roles and scopes that I was previously thinking of applying to groups. It's just as easy for me to apply them to users and not deal with groups at all.