Security VS Distribution Group in Active Directory
In windows server active directory, we can manage the users in two different groups. They are a distribution group and security group. Basically, the group collects all the information from users and computer accounts and other manageable units. Simply talking, distribution groups can be used for e-mail distribution and security groups can be used for granting permission to shared folders.
This group allows managing users and computer access to shared resources. This group can perform security as well as the mail distribution list also. This simplifies the task to the system administrator by setting permissions to multiple users and computers in just a few clicks. Security groups can be used to assign security rights to members of Active Directory. However, assigning any users to many security groups is not preferred. Some of the task that security group can perform are listed below:
- Assign user right to security groups in Active Directory
There are many users who have a different position in a company and naturally they have a different level of privilege. So, security groups can determine what members of that group can do within the domain. It is also possible to assign user rights to security groups, using group policy. And assigning any users to critical security groups may cause significant harm to the network because he /she has the right to perform a task based on the security level provided.
- Assign permissions to security groups on resources
Permission is assigned to security groups in order to provide them access to shared resources. Permission determines the level of access like reading, writing, full access, control to any security groups followed by members inside those group. When assigning permission for resources, they are provided to security groups rather than going individually. This saves time and makes life easier for the administrator.
By using security groups, we combine the relevant user groups in a department and assign them access to shared folder. This is not possible in the distribution group. On the other hand, the security group can perform all the task of the distribution group.
Distribution groups are mainly used for email distribution lists to send an e-mail to a collection of users. This list can be used with email applications such as Microsoft Exchange or outlook. Email configuration for each user can be easily done with these groups. Let's say we want to send email to people who belong to IT. Then the distribution group can be created and name as IT, then members belonging to the IT department can be added to that group. When we need to send mail to IT, then this group address can be added as mail recipient. This makes life easier when there is a need to send E-mail to many recipients. We can add or remove contacts from this group if we need to enable or disable users from greeting mail. To make it more clear, let's assume we got a new colleague in IT and he needs to get the E-mail intended for IT. Then his mail address can be added in the IT group and that's all. However, a distribution group can not assign permission on any objects and configure group policy settings.