We recently had to rebuild our network and set up a new domain. Our mailboxes have always been hosted in Microsoft 365, but I've been creating distribution email groups in on-prem Active Directory. I'm currently discussing this with my boss, who prefers creating them in on-prem AD since it syncs with Microsoft 365. However, some system administrators I know recommend managing these groups directly in Microsoft 365. I'm interested in hearing what others think about the best practices for creating distribution groups in my scenario.
5 Answers
It really depends on your specific situation. If you're using these groups for security purposes, like NTFS on file servers, then they need to stay in Active Directory. But if that’s not your focus, I totally agree—keeping them in Microsoft 365 is more straightforward.
I’m only focusing on distribution email groups, not anything security-related.
I definitely lean towards using Microsoft 365. It fits Microsoft's overall direction towards getting more functionalities in the cloud. Plus, it allows for easier delegation of group management, letting users handle their own distribution lists without needing constant IT intervention. Not to mention, dynamic groups can be a huge time-saver.
Exactly! Letting users manage their own distribution lists is ideal—after all, they often know who should be on them better than IT. Plus, managing everything in the cloud makes email routing a lot simpler.
But how do you manage distribution lists that are hidden in the Global Address List? That creates some challenges.
It's nearly impossible to fully transfer those AD distribution groups to the cloud cleanly; they’ll always remain in AD as a reference. It's cloud or nothing.
Creating distribution groups in Microsoft 365 is definitely the way forward. If you use PowerShell, you can set up dynamic distribution groups that adjust their members automatically, which really reduces the workload for admins.
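As an added illustration of the dynamic-distribution-group approach this answer describes (example commands, not from the thread or any answerer), the Exchange Online cmdlets below create a group whose membership is computed from a recipient filter, preview who would match before anyone mails it, and optionally hide it from the GAL as raised earlier in the thread. The admin UPN, group name and the Department value are assumed placeholders.

```powershell
# Requires the ExchangeOnlineManagement module (Install-Module ExchangeOnlineManagement).
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName admin@contoso.example   # placeholder admin account

# OPATH filter: only cloud user mailboxes whose Department attribute is "Sales".
# Distribution groups carry no access rights, so the filter only decides who receives mail.
$filter = "(RecipientTypeDetails -eq 'UserMailbox') -and (Department -eq 'Sales')"

# Create the dynamic distribution group in Exchange Online (no on-prem AD object involved).
New-DynamicDistributionGroup -Name "Sales Team" `
                             -Alias "salesteam" `
                             -PrimarySmtpAddress "salesteam@contoso.example" `
                             -RecipientFilter $filter

# Preview the computed membership so the filter can be checked before it is relied on.
$group = Get-DynamicDistributionGroup -Identity "Sales Team"
Get-Recipient -RecipientPreviewFilter $group.RecipientFilter |
    Select-Object DisplayName, PrimarySmtpAddress, Department

# Delegate ownership to a business user (see the delegation point above) and,
# if the list should not appear in the Global Address List, hide it there.
Set-DynamicDistributionGroup -Identity "Sales Team" `
                             -ManagedBy "sales.lead@contoso.example" `
                             -HiddenFromAddressListsEnabled $true

Disconnect-ExchangeOnline -Confirm:$false
```

Membership of a dynamic group is evaluated from the filter rather than stored, so a user whose Department attribute changes drops in or out without an admin touching the group.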
I'd suggest going cloud-first. The only time to create a distribution list on-prem is if you still have mailboxes on-prem that need to be included. With current technology, you can migrate more users to the cloud than you might think—hybrid systems are much easier to manage now.

Just so you know, you should avoid using a distribution group for security access. Security groups are meant for that.