Get-VIPermission -Principal "User/Group name" | FL
EntityId : Datacenter-datacenter-XXXX Entity : User/Group name Role : Role Name Principal : User/Group name Propagate : True IsGroup : True
There you can see the EntityID / Entity and Principal for the group also the orphand one will show up.
Get-VIPermission -Entity "vm1.briemle.lab" -Principal "briemle.lab\VMware-User" | Remove-VIPermission
Perform operation? Removing permission on entity 'vm1.briemle.lab' for principal 'briemle.lab\VMware-User' and role 'Administrator' [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"):
So you can verify the EntityId and delete your orphaned one and ignore the rest.