Hi
Are you sure that the group name is correct?
Try running the following commands:
$AdminUser = Get-ADGroup -identity "domain administrators" -Server "domain.lan"
$ADAccount = $AdminUser.SID.Translate([System.Security.Principal.NTAccount])
Set-AdmPwdReadPasswordPermission -OrgUnit <name of the OU to delegate permissions> -AllowedPrincipals $ADAccount
Please don't forget to mark helpful replies as answers.
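The same delegation with a check that the group actually resolves, followed by an audit of who can read the LAPS password on the OU afterwards. This is an added example, not part of the original reply; the OU distinguished name is a constructed placeholder, and it assumes the ActiveDirectory and AdmPwd.PS modules are installed.

```powershell
Import-Module ActiveDirectory
Import-Module AdmPwd.PS

$OrgUnit   = 'OU=Workstations,DC=domain,DC=lan'   # constructed placeholder, use your own OU
$GroupName = 'domain administrators'               # group name as written in the reply above
$Server    = 'domain.lan'

# Stop early with a clear message if the group name does not resolve.
try {
    $Group = Get-ADGroup -Identity $GroupName -Server $Server -ErrorAction Stop
} catch {
    throw "Group '$GroupName' was not found on $Server. Check its sAMAccountName, DN or SID."
}

# Convert the SID to DOMAIN\name form, which the delegation cmdlet accepts as a string.
$Account = $Group.SID.Translate([System.Security.Principal.NTAccount]).Value

Set-AdmPwdReadPasswordPermission -OrgUnit $OrgUnit -AllowedPrincipals $Account

# Audit: list every principal holding extended rights (password read) on the OU.
$Rights = Find-AdmPwdExtendedRights -Identity $OrgUnit
$Rights | Format-Table ObjectDN, ExtendedRightHolders -AutoSize

# Surface holders other than the group just delegated so they can be reviewed.
$Others = $Rights.ExtendedRightHolders | Sort-Object -Unique | Where-Object { $_ -ne $Account }
if ($Others) {
    Write-Warning "Other principals can also read the password: $($Others -join ', ')"
}
```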