What is the difference between an Active Directory Security Group and a Distribution Group?
Distribution Groups – These are used for email distribution. Let’s say we have a group called “Sales” and there are 50 users in that group. We need to send an email to all of them at once. How do we accomplish that? We’d use a distribution group. Within Active Directory, you’d create a group, we’ll call it sales, and add all your sales users to that group. Now when you want to send out a blast email to your entire sales team, you would use a single email address like email@example.com
Additionally, groups can also be updated as users come and go. This helps keep things organized for you, as an Active Directory administrator, as well as your end users.
Security Groups – Security groups have a similar concept to that of distribution groups except that they are used to secure a network resource instead of sending out an email message. Again, lets pretend we have a sales department at Test Company. Test Company has a file server with a shared folder called sales. Only the sales department should have access to this folder. How would you accomplish this?
You could add all of your sales users to the folder individually but that would be extremely messy. You’d have to adjust permissions every time someone left or started at Test Company. Not an efficient way of doing things. So instead, you would create a security group and assign the group permissions to the folder. Let’s call it the Sales-RW group. We know from looking at it, that the group is Sales, and they have Read-Write (RW) access if they are in that group. Now when someone starts or leaves your company, you update the group and the permissions on the folder stay the same. This is a much cleaner way of doing things.