I think you'll find that you're encountering the "Second Hop" problem. You can't use the credentials passed from the local machine to SERVER02 when your Get-DnsServerResourceRecord tries to connect to MYDC01. The cmdlet uses WMI/CIM and it's probably being denied permission. The reason, I'm guessing, is probably an error "5" or "1722".
```powershell
# create session from local machine (machine #1) to SERVER02 (machine #2)
$session = New-PSSession -ComputerName server02 -Credential Account01

# Run Invoke-Command on SERVER02 (machine #2)
Invoke-Command -Session $session -ScriptBlock {
    try {
        Write-Host $env:COMPUTERNAME;
        # Try connecting to MYDC01 (machine #3) from Server02 (machine #2)
        $dnsrecords = Get-DnsServerResourceRecord -ZoneName mydomain.com -ComputerName mydc01 -ErrorAction Stop |
            Where-Object { $_.RecordType -eq "A" -Or $_.RecordType -eq "CNAME" } |
            ConvertTo-Json
        Write-Host $dnsrecords
        # Note: $dnsrecords never returned to SERVER02!
    }
    catch {
        $_ # return $Error[0] to Server02
    }
}

# remove session with SERVER02 (machine #2)
Remove-PSSession -Session $session
```