Every once in a while I find myself describing a dynamic Active Directory group as “query based.” This always begs the question, how does this dynamic group differ from Microsoft Exchange’s Query Based Distribution List (QBDL)?
It is actually a pretty simple answer, when GroupID Automate creates a dynamic group, it actually creates the group in Active Directory. Because of that, these groups can be used as distribution lists, security groups, or even mail enabled security groups. The group is sitting there in Active Directory, ready to be used at any time for any purpose.
The distinction being that QBDL’s are just a query that needs to be resolved every time an email is sent to it. The upside to that is the list is up to the minute accurate; the downside is network performance. Consider a short mail-storm with a QBDL in the to: field, every time that an email is sent to that list, Active Directory is being queried. Ouch, you don’t want that.
The second part of the answer is security groups. We recently commissioned a study by the Osterman Group to find out more about Active Directory groups’ usage. I was very surprised that more organizations use Active Directory groups to manage file system access (93%) than to distribute email (66%). Part of this is Active Directory’s market share is obviously higher than Exchange’s, but still, that is a large difference, pointing to how important Active Directory security groups are.
So, you want Active Directory groups to be able to manage access and you want those groups to be accurate. So, you make dynamic security groups. Mail enable them and you have the best of both worlds.
There are times that QBDLs are what you need. But if you are looking for less impact on the network, dynamic security groups, or even a more robust query designer with more conditions available, take a look at GroupID Automate.