When you remove users or groups, you also remove permissions granted to those users or groups. Modifying a user or group name causes the original name to become invalid.

See the Security chapter in the ESX Configuration Guide or ESXi Configuration Guide for information about removing users and groups from an ESX/ESXi host.

To remove users or groups from vCenter Server, you must remove them from the domain or Active Directory users and groups list.

If you remove users from the vCenter Server domain, they lose permissions to all objects in the vSphere environment and cannot log in again.

Note

Users who are logged in and are removed from the domain keep their vSphere permissions until the next validation period. The default is every 24 hours.

Removing a group does not affect the permissions granted individually to the users in that group or permissions granted as part of inclusion in another group.

If you change a user’s name in the domain, the original user name becomes invalid in the vCenter Server system. If you change the name of a group, the original group becomes invalid after you restart the vCenter Server system.