Active directory security groups
I know that it's best practice to give permissions to resources using the Domain Local groups.
But I need to understand the reasons that I might still ignoring.
1- DLG can have users and groups from other domains but the resources in the domain where the DLG is created.
Comments: since GG can have users and groups from the same domain and can give permissions to resources in the domain where the GG exists or to other domains. why would we use the DLG.
2-Universal group can have members from all other domains and can give permissions to resources in all other domains. what would be the problem using the UG instead of DLG or GG.?