Need an explanation of how the "mail enabled security group" work compared to "security group", when giving fullaccess and sendAS permissions on a shared mailbox.
Since giving fullaccess with a "AD Security group" won't automap the mailbox in outlook, I read that changing it to a "mail enabled security group" so I did this in exchange managment shell:
Enable-DistributionGroup -Identity "name"
and for permission I used:
"Add-MailboxPermission -Identity "Mailbox Name" -User "Group name"
-AccessRights FullAccess -InheritanceType All -AutoMapping $true "
That this would ensure that the mailbox would be automapped in their outlook?
But now I'm a bit confused about this "mail enabled security group", it shows up in the EMC under groups (the security groups we normally use are only in AD) and it has it's own e-mail addressees?
What is actually the function of a mail enabled security group, since it has it's own addresses and how will this show up for the users that are members?
Best Answer
You can use mail-enabled security groups to distribute messages as well as grant access permissions to resources in Exchange and Active Directory. You can create, modify, and remove mail-enabled security groups in the Exchange admin center (EAC) or in the Exchange Management Shell.
Distribution groups A distribution group is a mail-enabled Active Directory distribution group object that can be used only to distribute messages to a group of recipients. Mail-enabled security group A mail-enabled security group is an Active Directory universal security group object that can be used to assign access permissions to resources in Active Directory and can also be used to distribute messages.
https://docs.microsoft.com/en-us/exchange/recipients-exchange-2013-help?redirectedfrom=MSDN