When domain admin is NOT part of the group, why his token should get invalidated when he revokes a role from the group?
When domain admin is NOT part of the group, why his token should get invalidated when he revokes a role from the group?