I'm testing a new DL and email isn't delivering to my test mailbox. I think I know the reason but I wanted to verify. I want to keep my security group separate from my DL so I can lock down the security group but allow editing on the DL. I want to nest a non-mail enabled security group in a mail-enabled DL, and for the user in that security group to get the email. I suspect this will not work, since the security group isn't mail-enabled. I tested and this is the case. I'd like to verify that this is the expected behavior. If this is the expected behavior, what's the proper way to configure this so a member of a security group gets the email? Do I need to create a dynamic DL with security group membership as criteria? I'm hoping to avoid dual membership for security and DL, as it just adds more admin work. Thanks in advance.

The simple answer is to create mail-enabled universal distribution groups that mirror all the security groups, including group membership. I'm sorry I don't have a better answer.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Hi Jeremy, "I suspect this will not work, since the security group isn't mail-enabled. " Yes, this is as expected. "Do I need to create a dynamic DL with security group membership as criteria?' This is an option. After that, the members of DDG will receive the mails sent to mail-enabled DL. "I want to nest a non-mail enabled security group in a mail-enabled DL" Could you please tell why you cannot mail enable the SG? "I want to keep my security group separate from my DL so I can lock down the security group but allow editing on the DL." Could you please provide an example? By default, in Exchange 2010, when you mail enable an SG, members can be added only by the group owners(Distribution Group->SG properties->Membership Approval). Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.Frank Wang TechNet Community Support

Ed, Your answer makes technical sense and it would be the easiest to implement but I fear it would be an admin hassle to keep the two in sync. That's what had me thinking about a dynamic DL. Thanks for the suggestion, though.

Frank, I could mail enable the security group but I'm trying to keep our number of total DLs to a low number to reduce confusion for my users. If I mail-enable my security group, it's possible that people might accidentally email the security group instead of the DL. I'd like to prevent that from happening. For example, if I had 3 security groups and I wanted them all to be addressed through 1 DL, I would need to have 4 groups, all of which would show in the GAL. I'd prefer not to have that. I guess I could go the route of mail-enabling the security group and then hiding it from the GAL. I'll test this and verify that it works correctly. I'll also look into creating a dynamic DL. I see people have some issues with those so I've always avoided them.

Hi Jeremy, I prefer to mail-enable the SG and hide it from the GAL. It is easier. Frank Wang TechNet Community Support

Hi Jeremy, I prefer to mail-enable the SG and hide it from the GAL. It is easier. Frank Wang TechNet Community Support

Frank, I think that's going to be the method I'll use. All I need to do is update some legacy groups from Global to Universal so I can nest them and I'm good to go. Appreciate everyone's input.

I would have suggested that but you ruled it out in your question!Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Understood, Ed. I wanted to avoid it to reduce GAL clutter and wasn't sure if my test was correct. When I saw it was, the option to mail-enable and hide made sense. Thanks for your input and sorry for the confusion.

For what it's worth, I've worked with some organizations that do what you were proposing, that is completely separating security and distribution groups. I think if you were to analyze it, there might be less duplication than you'd think.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."