通过AWS EC2(windows)用户数据脚本运行Set-AdComputer命令时权限不足

我正在尝试通过 ec2 用户数据脚本更新 EC2 实例的 AD OU（计算机对象）属性。我看到

 "Message: The errors from user data script: Set-AdComputer : Insufficient access rights to perform the operation"

这对我来说没有意义，因为用户数据以根权限/管理员级别权限运行，对吗？有什么见解吗？下面是来自

Ec2UserDataExecution.log

的专家

2023/04/26 05:44:11Z: <powershell> tag was provided.. running powershell content
2023/04/26 05:44:14Z: Message: The errors from user data script: Set-AdComputer : Insufficient access rights to perform the operation
At 
C:\Windows\system32\config\systemprofile\AppData\Local\Temp\Amazon\EC2-Windows\Launch\InvokeUserData\UserScript.ps1:27 
char:2
+     Set-AdComputer -Identity $Hostname -Description "XXXXX ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (XXXXXX:ADComputer) [Set-ADComputer], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:8344,Microsoft.ActiveDirectory.Management.Commands.SetADComputer
 

2023/04/26 05:44:14Z: Message: The output from user data script: 
Success Restart Needed Exit Code      Feature Result                               
------- -------------- ---------      --------------                               
True    No             NoChangeNeeded {}   

通过 ec2 用户数据脚本更新 EC2 实例的 AD OU（计算机对象）属性 - windows

# Pull required username and password from AWS Secrets
$UsernameAndPasswordForPrivilegedAccount = ConvertFrom-Json -InputObject (Get-SECSecretValue -SecretId arn:aws:secretsmanager:us-east-1:<AWS Account Number>:secret:<AWS Secret Name>).SecretString
$CredentialsForPrivilegedAccount = (New-Object PSCredential($UsernameAndPasswordForPrivilegedAccount.UserName, (ConvertTo-SecureString $UsernameAndPasswordForPrivilegedAccount.Password -AsPlainText -Force)))

# Use credential with the command
Set-AdComputer -Credential $CredentialsForPrivilegedAccount -Identity $Hostname -Description "XXXXX ...

Key/value     Secret value
 username      <MYDOMAIN\myprivilegedusername>
 password      <mypassword>