I'm having trouble using an Active Directory group to give permissions to objects in vCenter. I can add groups and users from Active Directory to the permissions in vCenter. However, if I only use an Active Directory group, when the user account that's a member of that group logs into the Web Client ( Flash or HTML5), the inventory in the navigation panes don't work (stuck Loading), and accessing different sections results in "Permission Denied" errors.
But if I add that same user explicitly on the vCenter permissions, everything works as expected. It would be ideal that user permissions management could all be handled by the Active Directory server, instead of having to manually grant each user permissions in vCenter. Any ideas what's going on here?
The setup:
External PSC using vCSA
Identity Source added to External PSC
vCenter 6.5 installed on Windows Server 2012 r2 w/ SQL Server 2014
Active Directory group added to "Administrators" group on PSC
Active Directory group added to Permissions tab in vCenter with Administrator Role and Propagate Child Objects enabled.
Also, I've created test groups of both Global and Domain Local security types without success.