Quick sanity check - If I nest an Active Directory distribution group within an Active Directory Security group, will permissions assigned to the AD Security group cascade to the members of the distribution group nested within the security group, or do I need to convert the distribution group to a mail-enabled security group?
The context (if it helps) is that another team has given me a security group to use to give permissions to their team, and after granting permissions to that security group, nobody has permissions. Looking at the membership of that security group, it is a distribution group containing their people. I assume that is why it is not working, but just wanted a confirmation before I push back.
Distribution groups are not security principals if I remember correctly, and therefore cannot propagate secutiry permissions to their members. Pretty sure you need a mail-enabled security group.
Short answer - no but there are limitations. I would recommend just mail enabling the security group rather than nesting, but that would be based of complexity of the members/groups.
If this is for public folders forget it, they must be distribution groups as far as I am aware.
One of our System Analysts found that Microsoft really wants distribution groups inside distribution groups and security groups inside security groups. We are using Exchange 2010 with some groups being managed by a user. When they were security groups the user had no way to change the group membership through Outlook Web Access and only by switching them to distribution groups where we able to fix this.
The end result is that we have to have duplicate groups in some cases (when the group was needed to be used both to prevent users from access files and when they wanted a distribution group).