Active Directory distribution groups vs security groups best practices

jgran

1/7/23, 1:57 PM

Not an AD admin but in the need of getting better with good AD practices, I cannot find a definitive answer on how to manage distribution groups that could possibly have the same members as security groups (eg security groups for SharePoint whose members should receive mails) : should the groups remain totally independant and managed by hand or if not, which one should import the other ? Can the security group be imported into the distribution group? Is nesting a good or bad practice in the long term? Any other way to sync distribution out of security group ? I've also just discovered security groups can be "mail-enabled", I don't know from which version on. Is this altogether the correct way to manage this common situation ? Does it introduce complexity? Is there a method like AGDLP for managing distribution groups? (Pointers on Microsoft documentation appreciated)

I did read ths question nesting-distribution-group-within-security-group, but there is no one solution!

158

1 + 0

active-directory

Score:1

Server

Jevgenij Martynenko

1/9/23, 8:32 AM

The difference between SG and DG is only that DGs can't be used to control access rights / permissions. If you already have SG with all needed members then creating another group would increase administrative overhead. Just mail-enable existing SG.

As for nesting, it mostly works in on-premises products, like AD/Exchange/SharePoint but might not work for some scenarios for Microsoft 365 cloud services. It really depends on what exactly you are trying to achieve

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Active Directory distribution groups vs security groups best practices

TH: กลุ่มการแจกจ่าย Active Directory เทียบกับแนวทางปฏิบัติที่ดีที่สุดของกลุ่มความปลอดภัย

RO: Cele mai bune practici pentru grupuri de distribuție Active Directory vs grupuri de securitate

RU: Группы рассылки Active Directory и лучшие практики групп безопасности

VI: Nhóm phân phối Active Directory so với thực tiễn tốt nhất của nhóm bảo mật

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.