Some questions on vCenter Server and Active Directory working together:
1. What is the proper order in which to shut down vCenter server and Active Directory and what is the proper order to bring them up again?
2. I am patching Windows on vCenter Server and its associated Active Directory and they need to have multiple reboots. How should I prepare for this? What services do I need to stop on both servers before doing this, for example, to stop them from trying to communicate until they are both ready to come back into service? What are the possible impacts or problems with doing this?
3. What issues might I face with vCenter Server's permissions info getting updated or not getting updated properly from Active Directory through this process - how do I mitigate those risks or solve them if they occur?
vCenter relies on AD for user authentication when connecting to the application and executing any action in it. But it is not used for its internal work. So even if AD is not available, vCenter and all ESXs do work properly. You just can't connect using any Directory account, but you can use a local one.
As vCenter uses AD, the best way would be to stop it before the DC and, on reboot, restart them in the reverse order.