Resource access via SID History vs. resource access via group membership post inter-forest migration

Hello,

Greetings of the day!

Resources are in the source domain. "Domain Local" groups of the source domain are applied on the resource ACLs. Those source domain local groups were migrated from the source domain to the target domain using SID History, and the scope of the source domain group was changed from domain local (in the source domain) to global (in the target domain), meaning that the global group in the target domain now has the SID of the source domain local group in its SID History attribute.

So if I add a newly created user (created in the target domain) to the migrated global group, his access token contains:

the SID of the target domain user account;
the SID of the migrated global group of which the user is a member;
the SID of the source domain local group, from the SID History attribute of the migrated global group.

So the newly created user now has the SID of the source domain local group in his access token, and that user will be able to access the resource without source domain local group membership (either directly or indirectly via nesting of the migrated global group inside the source domain local group).

Please confirm whether this statement is true.

If the above statement is true and access to the resource (source domain) is granted on the basis of SID History, then what is the point of nesting the migrated global group in the source domain local group? In my AD infrastructure, I see that the migrated global group is nested inside the source domain local group. Why is this required? What is the main reason? Kindly explain.

I'm getting confused between "resource access via SID History" and "resource access via group membership", as the title says.

So it would be a great help if you could share links to good articles on the topics mentioned below that can clear up all my doubts and confusion.

1- Understanding Microsoft's best practices for group management

2- Resource access controls

3- SID History

Please explain, specifically addressing all of the queries mentioned above.

Thanks in advance!

2 Replies

@Alex_Lee I have the same questions. Did you ever get this sorted? By the way, excellent questions!

@DarrenRD E.g. SharePoint apps cannot deal with SIDHistory at all. That can be the reason why the G group from the new AD must be added to the L group in the old AD manually.
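As an added example (not from the original post or either reply), here is a small Python model of how the user's token is assembled and checked against the resource DACL in the scenario asked about: with SID History honored, the migrated G group's sidHistory alone grants access and nesting changes nothing; when SID History is not honored (SID filtering on the trust, or an application that ignores it, as the second reply says of SharePoint), only nesting G inside the source L group grants access. All SIDs, group names and the ACL below are constructed placeholders, and the token-building logic is a simplification of Windows logon processing.

```python
from dataclasses import dataclass, field

@dataclass
class Principal:
    sid: str
    members: set = field(default_factory=set)  # direct member SIDs (users or groups)
    sid_history: tuple = ()                     # SIDs carried over from the source domain

# Constructed SIDs: the source-domain domain local group (L), the global group (G)
# it was migrated to in the target domain, and a user created in the target domain.
SOURCE_L = "S-1-5-21-1111-1111-1111-1001"
TARGET_G = "S-1-5-21-2222-2222-2222-2001"
NEW_USER = "S-1-5-21-2222-2222-2222-3001"

def build_directory(nest_g_in_l):
    """Migrated G carries L's SID in sidHistory; optionally nest G inside L."""
    return {
        NEW_USER: Principal(NEW_USER),
        TARGET_G: Principal(TARGET_G, members={NEW_USER}, sid_history=(SOURCE_L,)),
        SOURCE_L: Principal(SOURCE_L, members={TARGET_G} if nest_g_in_l else set()),
    }

def build_token(user_sid, directory, honor_sid_history):
    """SIDs placed in the logon token: the user, every group reached through
    transitive membership and, when SID History is honored (no SID filtering
    on the trust, application does not ignore it), each principal's sidHistory."""
    token, queue = {user_sid}, [user_sid]
    while queue:
        current = queue.pop()
        for group in directory.values():
            if current in group.members and group.sid not in token:
                token.add(group.sid)
                queue.append(group.sid)
    if honor_sid_history:
        for sid in list(token):
            token.update(directory[sid].sid_history)
    return token

def access_allowed(token, dacl):
    """dacl: list of (sid, 'allow'|'deny') ACEs; any matching deny ACE wins."""
    if any(kind == "deny" and sid in token for sid, kind in dacl):
        return False
    return any(kind == "allow" and sid in token for sid, kind in dacl)

RESOURCE_DACL = [(SOURCE_L, "allow")]  # resource is still ACLed with the source L group

def user_can_access(nest_g_in_l, honor_sid_history):
    token = build_token(NEW_USER, build_directory(nest_g_in_l), honor_sid_history)
    return access_allowed(token, RESOURCE_DACL)
```

Running the three combinations shows why the nesting is kept: it is the path that keeps working once SID History stops being evaluated, which is also what you will rely on when SID History is eventually cleaned up after the migration.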