I have come across an issue where I have invalid SSO users listed in the Administrators group that causes "A vCenter Single Sign-On Service error occured" and I need to find a way to remove these stale users from the Administrators group
/usr/lib/vmware-vmafd/bin/dir-cli group list --name 'Administrators'
Enter password for administrator@vsphere.local:
cn=Administrator,cn=Users,dc=vsphere,dc=local
CN=machine-eff691c0-6076-430f-9767-a187a117e387,CN=ServicePrincipals,DC=vsphere,DC=local
CN=vsphere-webclient-eff691c0-6076-430f-9767-a187a117e387,CN=ServicePrincipals,DC=vsphere,DC=local
externalObjectId=S-1-5-21-1271409858-1095883707-2794662393-94424866
externalObjectId=S-1-5-21-1271409858-1095883707-2794662393-1094482
externalObjectId=S-1-5-21-1271409858-1095883707-2794662393-5099061
externalObjectId=S-1-5-21-1271409858-1095883707-2794662393-91825835
externalObjectId=S-1-5-21-1271409858-1095883707-2794662393-26371790
externalObjectId=S-1-5-21-1271409858-1095883707-2794662393-556046
Anyone know a way to manually force the removal of these SSO items?
Steve Beaver
VMware Communities User Moderator
VMware vExpert 2009 - 2020
VMware NSX vExpert - 2019 - 2020
====
Co-Author of "VMware ESX Essentials in the Virtual Data Center"
(ISBN:1420070274) from Auerbach
Come check out my blog: [www.virtualizationpractice.com/blog|http://www.virtualizationpractice.com/blog/]
Come follow me on twitter http://www.twitter.com/sbeaver
**The Cloud is a journey, not a project.**