Hi, I would like to understand why in several sites and manuals it is advised, in order to grant the authorization to the resources of a domain, to create a local domain group that contains the global groups as members. Wouldn't it be simpler to assign the authorizations directly to global groups since they have the possibility? Thanks ps: I'm italian, please excuse me for my terrible english