An AD account has joined the vCenter SSO Administrator Group. When you want to remove the AD account from the vCenter SSO Administrator Group, it cannot be removed.

After clicking "Remove Member" button, when you refresh the web page or re-login, the AD account will appear again in the SSO Administrator Group member list.

vCenter Server 8.0.3

The reason is removal AD account operation is not compliant. 

The AD account has been deleted from AD before removal from vCenter SSO Administrator Group. Therefore, when removing it from vCenter( AD client), the account no longer exists on AD server, resulting in this issue.

The correct removal order is 

• First, remove AD account's permissions and settings from AD client.
• and then remove the AD account from AD DC.

workaround:

1. Temporarily restore the AD domain account in AD DC.
2. Remove it from the administrator group on the vCenter.
3. Remove the account from AD DC.