If the administrator password for the Single Sign On system expires and you are unable to log in to the vSphere Web Client, a user with Single Sign On administrator privileges must reset it or you have to reset password from command line.
Reset vCenter SSO Password
2. Run the following command
3. Enter the current password for the user, even if it has expired.
4. Enter the new password and enter it again for confirmation.
Lockout Policy Basics and Configuration parameters
Security Best Practice: You cannot rename admin@system-domain user, instead it is recommended to create equivalent user with same privileges as admin user and disable admin user. It is also recommended to change the password and account lockout policy to same as your active directory domain