I am trying to run a scheduled task with a user account that only has "domain users" group membership. I can also run the PowerShell ISE as this alternate user to simulate this. I am getting the same error. If I run any Active Directory PowerShell command like Get-ADUser or Get-ADDomainController, I get the error: "Either the target name is incorrect or the server has rejected the client credentials." If I specify the argument -server aDomainController.MyDomain.com, then it works. Specifying -server MyDomain.com also does not work. The machine I'm running the command from, my account, and the alternate account are all in the same domain.
Can anyone explain to me what is happening here? Or, how can I make this work? I don't want to specify a domain controller because I want to keep the script generic and also not assume the availability of a particular domain controller. Usually, the Windows authentication process takes care of domain controller selection for us. I don't want to have to build domain controller discovery into my script just so that I can run it with a read-only account instead of a domain admin.
- There is no firewall involved.
- I'm running Windows Server 2019 on my machine, 2012 R2 on the domain controllers.
Edit: this also happens with a domain admin. So, apparently anything other than my logged-on account. So, a scheduled task isn't possible if it queries Active Directory? Now, I'm thinking some policy setting is breaking this.