Explicitly assign permissions to the vCenter server for the “Domain Admins” group by logging in as the local administrator, select the vCenter server, then go to the “Manage” and “Permissions” tabs. There you can add full admin permissions for the “Domain Admins” group.
via vCenter Single Sign-On 5.5 Not Recognizing Nested Active Directory Groups | VMware vSphere Blog – VMware Blogs.