How to query SID of remote computer local user using non-domain admin account


Using the following script:

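$cred = Get-Credential
# Run the lookup on the remote machine, authenticating with the credential entered above
Invoke-Command -ComputerName "target-win" -Credential $cred -ScriptBlock {

    # Translate an account name into its SID string
    function get-sid
    {
        Param ( $DSIdentity )
        $ID = New-Object System.Security.Principal.NTAccount($DSIdentity)
        return $ID.Translate( [System.Security.Principal.SecurityIdentifier] ).ToString()
    }

    $admin = get-sid "TrapTest2"
    $admin
}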

I can query the SID of all local users on the remote computer, target-win. However, I can only do this if I enter credentials of a domain admin. If I enter credentials of a local admin on that machine, it fails with:

"[target-win] Connecting to remote server target-win failed with the following error message : WinRM cannot process the request. The following error with errorcode 0x80090311 occurred while using Kerberos authentication: We can't sign you in with this credential because your domain isn't available. Make sure your device is connected to your organization's network and try again. If you previously signed in on this device with another credential, you can sign in with that credential."

I have not been able to find a reason that clearly explains why domain admin credentials must be used for this. What am I missing?
