How to create mail-enabled security group in on-premise

How to create mail-enabled security group in on-premise, in this article we will check how to create mail-enabled security group in on-premise.

In an on-premises environment, mail-enabled security groups are essential for managing email distribution lists and enforcing security policies. These groups facilitate effective communication and collaboration within organizations. In this article, we will provide you with a step-by-step guide on how to create a mail-enabled security group in on-premises setup using both the Exchange Management Console and PowerShell.

How to create mail-enabled security group in on-premise


To successfully create a mail-enabled security group, ensure that you have the following prerequisites in place:

  1. Active Directory Domain Services (AD DS) environment.
  2. Exchange Server installed and configured.
  3. Sufficient administrative rights to perform the required tasks.
  4. PowerShell version 3.0 or higher (for the PowerShell method).

How to create mail-enabled security group in on-premise

We will check two methods to create mail-enabled security group.

Method 1: Using the Exchange Management Console

Step 1: Launch the Exchange Management Console
  1. Log in to a server with the Exchange Management Console installed.
  2. Open the Exchange Management Console from the Start menu.
Step 2: Access the Recipient Configuration
  1. In the Exchange Management Console, navigate to the ‘Recipient Configuration‘ section.
  2. Click on ‘Distribution Group‘ to view the existing distribution groups.
Step 3: Create mail-enabled security group
  1. Right-click on an empty area in the ‘Distribution Group‘ pane and select ‘New Distribution Group‘.
  2. Choose ‘New Group‘ to create a new distribution group.
Step 4: Select Group Type
  1. In the ‘New Distribution Group‘ wizard, select the ‘Security‘ option and click ‘Next‘.
  2. Choose either ‘Global‘ or ‘Universal‘ based on your organization’s requirements and click ‘Next‘.
Step 5: Provide Group Information
  1. Assign a meaningful name and an optional description to the security group.
  2. Click ‘Next‘ to proceed.
Step 6: Manage Group Membership
  1. Add desired members to the security group by clicking ‘Add‘.
  2. Select the users from the Active Directory and click ‘Add‘ again.
  3. After adding all the necessary members, click ‘OK‘ and then ‘Next‘.
Step 7: Configure Group Settings
  1. Select desired group settings, such as allowing users to send email messages to the group or requiring sender authentication.
  2. Adjust other settings as per your organization’s policies and requirements.
  3. Click ‘Next‘ to proceed.
Step 8: Specify an Organizational Unit (OU)
  1. Choose the organizational unit (OU) where you want to place the security group.
  2. Click ‘Next‘ to proceed.
Step 9: Review Configuration
  1. Review the chosen settings for the security group.
  2. If everything is correct, click ‘New‘ to create the group.
Step 10: Verify Group Creation
  1. After the group is created, you will see a summary of the new security group.
  2. Ensure that the ‘Mail-Enabled‘ option is set to ‘True‘ to confirm it is a mail-enabled security group.

Method 2: Using PowerShell

Step 1: Launch PowerShell
  1. Log in to a server with PowerShell installed.
  2. Open the PowerShell application.
Step 2: Connect to Exchange Server
  1. Run the following command to establish a connection to your Exchange Server:
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://<ExchangeServerFQDN>/PowerShell/ -Authentication Kerberos
Import-PSSession $Session

Replace <ExchangeServerFQDN> with the fully qualified domain name of your Exchange Server.

Step 3: Create a Mail-Enabled Security Group
  1. Run the following command to create a new mail-enabled security group:
New-DistributionGroup -Name "GroupName" -SamAccountName "GroupSAMAccountName" -OrganizationalUnit "OU=Path,DC=Domain,DC=com" -Alias "GroupAlias" -Type "Security"

Replace the placeholders with your desired values:

  • GroupName” should be replaced with the desired name for the security group.
  • GroupSAMAccountName” should be replaced with a unique SAM account name for the group.
  • OU=Path,DC=Domain,DC=com” should be replaced with the distinguished name (DN) of the organizational unit where you want to place the security group.
  • GroupAlias” should be replaced with an alias for the group.
Step 4: Verify Group Creation
  1. To verify if the group is successfully created and mail-enabled, run the following command:
Get-DistributionGroup -Identity "GroupName"

Replace “GroupName” with the name of the security group you created. 2. Ensure that the ‘RecipientTypeDetails‘ property of the group is set to ‘MailUniversalSecurityGroup‘ to confirm that it is a mail-enabled security group.

By following one of them you can create mail-enabled security group.


Creating mail-enabled security group in an on-premises environment can be accomplished using either the Exchange Management Console or PowerShell. The Exchange Management Console provides a graphical interface, while PowerShell offers automation capabilities. By following the outlined steps in either method, organizations can efficiently manage email distribution lists while enforcing security policies within their Active Directory and Exchange Server environments. This facilitates seamless communication and collaboration, leading to improved productivity and streamlined operations within the organization.

Visit to check more article

Leave a Reply

Your email address will not be published. Required fields are marked *

two × 3 =