Originally posted here by ghostmachine hi
what would be the impact if access rights are not allocated to Domain local groups?
and what would happen if global groups are not allocated to domain local groups?
You mean the A G DL P nesting thing? It's purely a recommendation. Just about anything else is simpler, but there's often a performance tradeoff. The smaller the environment, the more likely you are to be able to get away with just putting accounts in global groups and assigning permissions to those.