Security Group vs Dist. Group 2

[Blogg]

I have a Security Group in Active Directory, but in fact it's used soley as a distribution group. My question is this: is it ok to change this group to a Distribution Group?

Thanks for your comments in advance!

Cheers,
Blogg

 

[Spirit]

of course.

Security groups can be used as an address or to assign permissions to stuff

While DL's are exactly that so just be 100% sure you've not assigned permissions anywhere using the security group and sleep soundly!

Iain

 

[WhoKilledKenny]

Here is a little more meat...
A Security group has all the features of a distribution group, like sending an email, and more - They determine access rights. The issue is a security group is used in the logon process where a distribution group is not. What this means is that the more security groups used as distribution groups could slow the logon process down for user. The Access Token that is created by the logon process contains the security group membership, the are no distribution groups listed in the Access token(which is stored in RAM on the users PC) because distribution groups do not determine access.

 

[WhoKilledKenny]

Sorry... to answer your question. I do believe that you can change from a security group to a distribution group as long as the group has not been assigned to a resource with permissions applied.

 

[Blogg]

Excellent replies. Many thanks for your advice WhoKilledKenny and Spirit.

I'm going to make this a Dist Group as then it'll be easier to understand and organise alongside other AD groups.

Thanks again guys!!

Blogg