Thank you so much for sending me down the correct rabbit trail. Turns out our team did not understand the differences between vcenter authentication and domain authentication, vcenter users were being assigned to the wrong local group instead of domain users imported into privileged group.
Thank you so much!