After the password of the account used to join vCenter Server to the Active Directory (AD) domain in an “AD over LDAP” configuration is changed on the AD domain controller (DC) side, Active Directory accounts are unable to log in to the vSphere Client UI.
Additionally, AD user accounts are not visible under Administration > Single Sign-On > Users and Groups in the vSphere Client.
The password of the account used to join vCenter Server to the AD domain was changed, but not updated in vCenter.
As a result, the connection between vCenter and the AD domain is broken, causing the existing AD account permissions and configurations to become invalid in vCenter Server.
Log in to the vSphere Client UI using [email protected].
Update the account password in the “AD over LDAP” configuration and rejoin vCenter Server to the AD domain.
Reassign the necessary permissions to the AD accounts that require access to the vSphere Client UI.
After performing these steps, AD authentication and access to the vSphere Client should be restored successfully.
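To confirm that a stale bind password is what broke the identity source, rather than a lockout or an expired account, the sub-code Active Directory embeds in a failed LDAP bind can be classified. The following is an added example, not part of the original article or any VMware tooling; the log line layout, account names, DSID and version values are constructed, and it assumes you have the text of the bind error returned by the domain controller.

```python
import re

# AD reports a sub-code ("data XXX") inside LDAP result 49 (invalidCredentials).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong or stale password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

SUBCODE_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")


def classify_bind_failures(lines):
    """Return (line_no, subcode, meaning) for each AD bind failure found."""
    findings = []
    for no, line in enumerate(lines, start=1):
        m = SUBCODE_RE.search(line)
        if m:
            code = m.group(1).lower()
            findings.append((no, code, AD_BIND_SUBCODES.get(code, "unknown sub-code")))
    return findings


def stale_password_suspected(lines):
    """True when at least one bind failure is 52e (wrong or stale password)."""
    return any(code == "52e" for _, code, _ in classify_bind_failures(lines))


# Constructed sample lines (illustrative layout, not real vCenter output).
SAMPLE_LOG = [
    "2024-01-10T08:15:02Z INFO identity source check started",
    "2024-01-10T08:15:03Z ERROR bind as svc-vcenter@example.test failed: "
    "80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839",
    "2024-01-10T08:20:41Z ERROR bind as jdoe@example.test failed: "
    "80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 775, v3839",
]

if __name__ == "__main__":
    for no, code, meaning in classify_bind_failures(SAMPLE_LOG):
        print(f"line {no}: data {code} -> {meaning}")
    print("stale bind password suspected:", stale_password_suspected(SAMPLE_LOG))
```

A `52e` result for the join account points to the password mismatch described above; `775` or `532` on the same account means the fix also needs an unlock or a password reset on the AD side.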