• A domain user is able to connect to vCenter server using PowerCLI (assuming Identity Source for respective Domain Controller is configured on the vCenter Server and the domain user has required rights to connect to vCenter Server using global permissions)
• Using PowerShell, the user is shown able to connect:  

C:\Users\<exampleUser> Connect-CisServer vcenter.example.com

Name                          User                          Port

----                          ----                          ----

[email protected]@example.com... 443

• But the same user is receiving the error "Unable to authorize user" while executing any vCenter Server Appliance Configuration / VAMI related queries:

C:\Users\exampleUser> (Get-CisService -Name com.vmware.appliance.ntp)[0].get()
A server error occurred: 'com.vmware.vapi.std.errors.unauthorized': Unable to
authorize user (Server error id: 'vapi.security.authorization.invalid'). Check
$Error[0].Exception.ServerError for more details.
At line:1 char:1
+ (Get-CisService -Name com.vmware.appliance.ntp)[0].get()
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   + CategoryInfo         : OperationStopped: (:) [], CisServerException
   + FullyQualifiedErrorId : VMware.VimAutomation.Cis.Core.Types.V1.CisServer
Exception

• Using the local SSO Admin User "[email protected]" is successful

C:\Users\vTestUser> Connect-CisServer vcenter.example.com
Name                          User                          Port
----                          ----                          ----
[email protected]... [email protected]   443 

PS C:\Users\exampleUser> (Get-CisService -Name com.vmware.appliance.ntp)[0].get()
time.example.com

• VMware vCenter Server 8.x
• VMware vCenter Server 7.x