This issue occurs because:
- Permissions from the nested groups from dissimilar Identity Sources do not get propagated.
For example, if you add the Domain Administrators group to the Local Administrators group, the permissions do not get propagated because Local operating system and Active Directory are separate identity sources.
- The administrators@localos group is granted access to the vCenter Service and the Domain Administrators group is a nested within the local Microsoft Windows Administrators (LocalOS) group.
- The Domain Administrators group has not been granted explicit access to vCenter Server.
- The [email protected] account has access to vCenter Server after an installation.