After an identity source is removed from vCenter and then added back, users in that domain are not able to log in. The user/group permissions previously configured are still present; however, users with those privileges still cannot log in. When they try to log in, an error is thrown stating that the user does not have permissions to vCenter Server.
When an identity source domain is removed, the user/group permissions are still defined, just not mapped to the identity source. If you add the identity source domain back, users cannot authenticate with those same previously defined permissions, unless you re-map the permissions.
In order to allow users to log back in to vCenter Server after adding the identity source back, the permissions must be re-mapped to the identity source.
This re-mapping can be done automatically by using the fixalias.py script and following the resolution steps from the article "Fix AD Domain alias for ADFS via shell script".
Renewing LDAPS certificates for an LDAPS domain requires removing and then adding the LDAPS identity source back. In that workflow, the fixalias.py script noted in the Resolution section of this article could be used to quickly re-map the permissions.