Hi, fdsfsd zh
This is Chaboon.
I tried executed Get-DnsServerResourceRecord on a Domain Controller, DNSAdmins Group is completed, but only Domain Users Group is not complated. Also , I tried executed Get-ADUser, DNSAdmins Group is completed, and Domain Users Group is complated. I do not configred WMI permissions.
I seem ,you are not necessary to WMI permissions and must be setting "LocalAccountTokenFilterPolicy" registry.
You can see below article :
https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/user-account-control-and-remote-restriction
Regards,