I'm going through an audit and I'm being asked, "... these accounts & groups are maintained on the vCenter, is there any reason to keep the rest of the accounts and/or groups if they are not being used?" I can understand the direction they are going but its my understanding VMware only adds accounts and groups that it needs and uses. I'm unable to find any documentation outlining this configuration. Does anyone have any recommendations or can point me in the right direction? It seems, "Trust me, VMware wouldn't steer me wrong" isn't a good explanation to them. Thank you.
Whether you think you are using them or not, there is a reason VMware has them in their vsphere.local SSO domain (or whatever you called yours)
You are absolutely asking for trouble if you decide to start randomly deleting things. At least open an SR with support, or try it in a lab