I've been looking for a best practice guide from Microsoft but could not locate the information. What is Microsoft's guide/suggestion on using/not using a mail enabled security group? What are the advantages or disadvantages of using/not using this group? Thanks, James P

I don't like using mail enabled security groups for the following reasons 1) Administration of distribution lists is usually done by separate people. The people maintaining the distribution lists are not trained in the same practices in maintaining security groups and will inadvertanly place users in that should not be added. Putting practices and policies can be done but they are rarely followed and easily forgotten. You can secure these groups preventing un-authorized users from modifying them, but that can be problematic as well. 2) Naming conventions are usually different for security groups vs distribution groups, creating issues for one process or the other. Having separate groups eliminate this as an issue. 3) Ultimately someone will need to be on the distribution list but does not actually need access. For this reason alone, it would be considered a best practice to have separate security and distribution groups for the items in question. Allowing managers, higher ups, or just low level/part-time/barely have a reason to attend a meeting project people to give and receive direction, but not actually have any access the items being secured. I believe in a resource security model and that by definition would separate out different resources (an items security vs an items notification process) into separate groups allowing those resources (security vs notification) to be managed indendently and by different sets of users.

So, it doesn't look like there's any technical reasons not to use distribution groups, just practical. Thanks.