Windows Server 2012 - Domain Local Group not getting members?


Hi,

I have a single forest with 3 subdomains, all at Windows 2008 R2 functional level, and recently I decided to add a Windows Server 2012 DC (after some lab tests) to the smallest subdomain we had, which had 2 Windows 2008 R2 DCs.
Since all was going smoothly with the 1st DC, after some weeks I decided to add the 2nd DC to that subdomain as well; both were fresh installs, by the way.

So that subdomain has 2 DCs on Windows Server 2012, but we kept the domain functional level at Windows 2008 R2.

All went well so far, until we noticed one GPO wasn't working properly: our Restricted Groups GPO that adds some IT users from the Service Desk Team.
Oddly, this only happens on that particular subdomain; all the others, which have the exact same settings and philosophy, keep working properly.

Imagine the following scenario:

Domain contoso.local with following subdomains, hq.company.local, stores.company.local and brand.company.local

On hq.company.local we have the IT group (Global) that belongs to ServiceDeskLocalAdmins (Universal).

On each subdomain (all 3), hq\ServiceDeskLocalAdmins and the respective Domain Admins (Global) are mapped to a DomainLocalAdmins (Domain Local) group on each subdomain.

This scenario is the way it has been working all these last years (and it follows the best practices for nesting groups, I believe); now, since we upgraded (fresh installs) the 2 DCs of brand.company.local, it stopped working only on that domain.

It appears that brand\DomainLocalAdmins doesn't read/get the members from hq\ServiceDeskLocalAdmins and brand\Domain Admins in the Restricted Groups, while the other subdomains keep working fine like before.

If I test the same user's membership on the 3 subdomains, it goes well on the hq and stores subdomains:

The user is a part of the following security groups:
    ----------------------------------------------------
        Domain Users
        Everyone
        BUILTIN\Users
        BUILTIN\Administrators
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        ...
        ServiceDeskLocalAdmins 
        DomainLocalAdmins

But if I test the same user's membership on the brand subdomain:

The user is a part of the following security groups:
    ----------------------------------------------------
        Domain Users
        Everyone
        BUILTIN\Users
        BUILTIN\Administrators
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        ...
        ServiceDeskLocalAdmins 

DomainLocalAdmins is not listed there, and the same goes for Domain Admins.

I could map hq\ServiceDeskLocalAdmins and brand\Domain Admins directly in the Restricted Groups GPO instead of using brand\DomainLocalAdmins, but before I start rolling out more DCs on 2012, I would like to understand why this is happening.

Thanks for your help or any tip.
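A diagnostic a practitioner could run on a brand.company.local member (as the affected user) to compare the nested membership AD actually holds for brand\DomainLocalAdmins against the groups present in the logon token. This is an added example, not from the poster; the group and domain names are taken from the post, and the helper function names are assumptions.

```powershell
# Added diagnostic (not from the original post). Walks the nested membership of a
# domain local group across domains by resolving each member DN against the domain
# named in its DC= components (same-forest members are stored by real DN, not as
# foreign security principals), then checks which of those groups are in the token.
Import-Module ActiveDirectory

function Get-DomainFromDN {
    param([string]$DistinguishedName)
    # "CN=x,OU=y,DC=hq,DC=company,DC=local" -> "hq.company.local"
    ($DistinguishedName -split ',' | Where-Object { $_ -like 'DC=*' } |
        ForEach-Object { $_.Substring(3) }) -join '.'
}

function Get-NestedMembers {
    param([string]$GroupDN, [hashtable]$Seen = @{})
    $group = Get-ADGroup -Identity $GroupDN -Server (Get-DomainFromDN $GroupDN) -Properties member
    foreach ($dn in $group.member) {
        if ($Seen.ContainsKey($dn)) { continue }      # guard against circular nesting
        $Seen[$dn] = $true
        # Query the member's own domain; a brand DC cannot resolve hq objects by DN.
        $obj = Get-ADObject -Identity $dn -Server (Get-DomainFromDN $dn) -Properties objectClass, objectSid
        [pscustomobject]@{
            Group = $group.Name; Member = $dn
            Class = $obj.objectClass; Sid = $obj.objectSid.Value
        }
        if ($obj.objectClass -eq 'group') { Get-NestedMembers -GroupDN $dn -Seen $Seen }
    }
}

# Names as given in the post (assumed: run on a brand-joined host as the affected user).
$root = Get-ADGroup -Identity 'DomainLocalAdmins' -Server 'brand.company.local'
$expected = @(Get-NestedMembers -GroupDN $root.DistinguishedName)
$expected | Format-Table Group, Class, Member -AutoSize

# Group SIDs actually in the current logon token, as reported by whoami.
$tokenSids = (whoami /groups /fo csv | ConvertFrom-Csv).SID

# The domain local group itself should be in the token when logging on in brand;
# the post's symptom is that it is not, even though the nested universal group is.
$checks = @([pscustomobject]@{ Member = $root.DistinguishedName; Sid = $root.SID.Value }) +
          ($expected | Where-Object Class -eq 'group')
foreach ($g in $checks) {
    $state = if ($tokenSids -contains $g.Sid) { 'in token' } else { 'MISSING from token' }
    '{0,-70} {1}' -f $g.Member, $state
}
```

Lines marked MISSING from token for groups that AD lists as nested show exactly where token building on the brand DCs diverges from the directory contents, which narrows the problem to the DC side rather than the GPO definition.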
