If you only have one domain (with or without multiple sites), and membership doesnt change frequently, do you simply put users in a domain local group for permissions, or would you still put users in global groups and nest them in the domain local group? I'm looking for the MS response and not the real world way, 2 compleeeeetely different things most of the time