So I was successful in executing the necessary steps to be able to log on automatically in the Web Client with current Windows credentials (domain administrator), and assign "admin role" at the vCenter Server level to this individual AD user account to administer the entire vSphere infrastructure.
However, it is of course recommended to use AD groups instead of individual users. So I created a security group in the domain (tried both with Global and Universal group), and used THAT instead of the individual "administrator" user. However, when I do it that way I simply don't get the necessary permissions??? In the Web Client immediately visible by the fact that "0" is shown for the number of datacenters, clusters, hosts, VMs etc...
Obviously I already logged off/on from the vCenter Server Windows system, checked my AD kerberos access token with "whoami /all" to confirm that it mentions the SID of the new group... Any idea what I'm missing? Could there be issues with the name of the group, that some characters are not supported (I remember I used an underscore)?
JH