I'm looking to automate deletions of SCIM users from the local vCenter ID DB on my home lab. I've got the code below so far; the auth piece works, but the loop over the users in input.csv fails with a 'The remote server returned an error: (401) Unauthorized.' message.
I've got similar PS code working that adds users, and the rights assigned to the admin account used are standard. Any ideas what might cause it, or how to fix it?
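# Connection settings for the vCenter session.
# The password is prompted for at run time instead of being stored in the script:
# a literal password ends up in backups, version control and anywhere the script is
# pasted. For unattended runs, load a credential saved with Export-Clixml or from a
# secrets vault instead of prompting.
$vcCredential = Get-Credential -UserName "VSPHERE.LOCAL\administrator" -Message "vCenter SSO administrator"
if (-not $vcCredential) {
    Write-Error "No credential supplied."
    return
}
$vcUsername = $vcCredential.UserName
# The plain-text password is needed later to build the Basic header; keep it out of logs and transcripts.
$vcPassword = $vcCredential.GetNetworkCredential().Password

# $vCenterServer is used in every request URI but is never assigned in this script.
if (-not $vCenterServer) {
    Write-Error 'Set $vCenterServer to the vCenter base URL (placeholder example: "https://vcenter.example.invalid") before running.'
    return
}

# One row per user to delete; the delete loop reads the Username column.
$Users = Import-Csv "C:\scripts\input.csv"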
# Certificate validation bypass for a vCenter that presents an untrusted certificate.
# ServicePointManager.CertificatePolicy is set for the whole process: once this runs,
# the policy below answers "valid" for every certificate, and that includes the request
# that carries the administrator password in a Basic header. Only acceptable on an
# isolated lab network; the safer route is to trust the vCenter CA on this machine and
# remove this block.
$trustAllPolicyLoaded = [bool]([System.Management.Automation.PSTypeName]'TrustAllCertsPolicy').Type
if (-not $trustAllPolicyLoaded) {
    # Compiled only when the type is not already present in this session.
    $trustAllPolicySource = @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate, WebRequest request, int certificateProblem) {
return true;
}
}
"@
    Add-Type -TypeDefinition $trustAllPolicySource
    [System.Net.ServicePointManager]::CertificatePolicy = New-Object -TypeName TrustAllCertsPolicy
}
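# Step 2: Encode the credentials in Base64.
# Base64 is an encoding, not encryption: anyone who can read the request recovers the password.
$authString = "${vcUsername}:${vcPassword}"
$base64Auth = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($authString))

# Step 3: Create the Authorization header
$headers = @{
    "Authorization" = "Basic $base64Auth"
}

# Step 4: Authenticate and obtain a session token.
# This is done exactly once. Each POST here requests a new session, and only the token
# kept in $sessionToken is logged out at the end of the script, so a second POST would
# leave an administrator session behind that nothing ever closes.
try {
    $sessionResponse = Invoke-RestMethod -Uri "$vCenterServer/rest/com/vmware/cis/session" `
        -Method Post `
        -Headers $headers
    $sessionToken = $sessionResponse.value
    # The token authenticates as the administrator until logout; never write it to the
    # console, a transcript or a log.
    Write-Host "Successfully authenticated." -ForegroundColor Green
} catch {
    Write-Error "Failed to authenticate. Error: $($_.Exception.Message)"
    return
}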
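# Step 5: Use session token for subsequent API requests
# NOTE(review): the reported 401 is returned by the DELETE below, not by the session call.
# The /usergroup/.../scim/v2 path is presumably served by a different service than /rest
# and likely expects "Authorization: Bearer <token>" with the SCIM token issued when the
# identity provider was configured, rather than vmware-api-session-id - confirm against
# the vCenter identity-provider settings before changing the header.
$apiHeaders = @{
    "vmware-api-session-id" = $sessionToken
}

ForEach ($user in $Users) {
    $targetUser = "$($user.Username)".Trim()

    # An empty value would turn the request into a DELETE on the Users collection URL,
    # and a dot segment would be collapsed into a parent path; skip both.
    if (-not $targetUser -or $targetUser -in '.', '..') {
        Write-Warning "Skipping CSV row with an empty or invalid Username value."
        continue
    }

    # Construct the DELETE URI for each user. The value is escaped so that characters
    # such as '/', '?' or '#' in the CSV cannot change which resource the DELETE addresses.
    # NOTE(review): SCIM deletes by resource id (RFC 7644, DELETE /Users/{id}); confirm the
    # Username column holds that id and not the login name.
    $deleteUserUri = "$vCenterServer/usergroup/t/CUSTOMER/scim/v2/Users/$([uri]::EscapeDataString($targetUser))"
    Write-Host "Processing $deleteUserUri"

    try {
        # Send DELETE request to remove the user
        Invoke-RestMethod -Uri $deleteUserUri -Method Delete -Headers $apiHeaders
        Write-Host "Successfully deleted user: ${targetUser}" -ForegroundColor Green
    } catch {
        # A failure on one user is reported and the loop carries on with the next row.
        Write-Error "Failed to delete user: ${targetUser}. Error: $($_.Exception.Message)"
    }
}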
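# Step 6: Logout and end session properly
# Ending the session invalidates the administrator token instead of leaving it usable
# until the server expires it.
try {
    # No line-continuation backtick after the last parameter: a trailing backtick would
    # splice the following Write-Host line into the Invoke-RestMethod call as extra
    # arguments, the call would fail on parameter binding, and the session would stay open.
    Invoke-RestMethod -Uri "$vCenterServer/rest/com/vmware/cis/session" `
        -Method Delete `
        -Headers $apiHeaders
    Write-Host "Session ended successfully."
} catch {
    Write-Error "Failed to end session. Error: $($_.Exception.Message)"
}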