Deprecated AD account is able to login with administrative permission despite not being defined at SSO or vCenter level.

vCenter Server 8.x

The user is defined as an administrator under Hamburger Menu>Administration>Single Sign On> Users and Groups>Groups>Administrators UI.

There can be more than 10 users defined in this group, and it paginates into pages after that and hides the user from view.

Check the bottom right for pages and use the > to navigate until the user shows in the list.  Click the three dots next to the user and click Remove Member.