1
00:00:06,430 --> 00:00:13,370
In Windows Server 2016 enterprise network there are two types of groups.

2
00:00:13,450 --> 00:00:16,350
Security and distribution.

3
00:00:16,360 --> 00:00:24,340
When you create a group you choose the group type and school group types determines the capabilities

4
00:00:24,340 --> 00:00:25,190
of the group.

5
00:00:25,330 --> 00:00:34,030
Email applications mainly use distribution groups which are not security enabled security groups are

6
00:00:34,240 --> 00:00:41,620
security enabled and you use them to assign permissions to various resources you can use.

7
00:00:41,620 --> 00:00:51,300
Security groups and permission and trust in access control lists to control security for resource access.

8
00:00:51,340 --> 00:00:57,700
You can use security groups as a means of distribution for email applications.

9
00:00:57,880 --> 00:01:04,430
If you want to use a group to manage security it must be a security group.

10
00:01:04,450 --> 00:01:12,730
Please know that the default group type for newly created groups is security because you can use security

11
00:01:12,730 --> 00:01:18,130
groups for both resource access and email distribution.

12
00:01:18,130 --> 00:01:21,970
Many organizations use only security groups.

13
00:01:21,970 --> 00:01:30,970
However it is recommended that if you use a security group for email distribution only you should create

14
00:01:30,970 --> 00:01:39,940
the group or the distribution group otherwise the group with a scientist security identifier seed and

15
00:01:39,940 --> 00:01:48,760
the seed is added to the user security access token which can make the token unnecessarily large.

16
00:01:48,760 --> 00:01:54,880
You can convert a security group to a distribution group at any time.

17
00:01:54,970 --> 00:01:58,830
When you do this the group type attribute changes.

18
00:01:58,900 --> 00:02:06,910
A security group that you have converted to a distribution group therefore loses all permissions assigned

19
00:02:06,910 --> 00:02:11,920
to it even though the ACL still contains the seed.

20
00:02:11,920 --> 00:02:20,500
If you convert a distribution group to a security group the reverse cures the group type attribute changes

21
00:02:20,740 --> 00:02:26,050
and you can now assign permissions to resources to the group.

22
00:02:26,050 --> 00:02:34,540
Consider that when you add a user to a security group the users access token which authenticates user

23
00:02:34,810 --> 00:02:39,910
processes updates only when the users sign in.

24
00:02:39,910 --> 00:02:48,820
Therefore if the user is currently signed in the user must sign out and then sign back in to update

25
00:02:48,910 --> 00:02:55,120
his or her access token with any changed user or memberships.

26
00:02:55,120 --> 00:03:03,340
Now the benefit of using distribution groups becomes more evident in large scale exchange server deployments

27
00:03:03,640 --> 00:03:10,480
especially when you need to nest these distribution groups across the enterprise.