Thank you for your answer. I'll try to be more specific: assume that in a given OU there is a set of security groups, each one identifying internally a specific role. To give a couple of examples, the security group F-Secretary in that OU identifies a secretary. That group is already a member of one or more other domain security groups (in other OUs) which give access to the resources the security group controls. Or you have the security group F-Head of Department, which is in turn a member of all the security groups controlling the resources a head of department should access.
The idea behind this is that making a given user account a member of one of those 'role' groups will give the user access to all the necessary resources. Hence the idea of making the user a member of just one of the 'role' groups, plus of course making room for additional specific needs a user could have in terms of membership.
For the help desk it would be helpful to have a 'guided' way to add the user to its role, but of course it is perfectly possible to do the same with the provided "Add to group" feature, except that it's less immediate and it doesn't avoid possible manual errors, apart from browsing among tens or hundreds of security groups.
I don't know if the above explains better what we do have in mind.
Thanks a lot!