We are trying to run a permissions inventory script (based on the Get-Acl command) against a file share on a file server running Server 2016. The script is being run 'remotely' from a workstation joined to the same domain as the file server, as opposed to locally whilst RDP'd onto the server, which may be having an impact. The script is also being run under the context of a domain admin account, which is therefore a member of the local admins group on the server.
I have double-checked the permissions on the share (D:\Shared) to rule out anything unusual (Everyone group has Full on the share ACL, BUILTIN\Administrators (which includes domain admins) has Full on the directory ACL side of things). However, we are hitting a number of errors on certain folders, "Get-Acl: Attempted to perform an unauthorized operation", which some quick searches online suggest are permissions related; that was not expected given the permissions of the account running the script. Is there any obvious workaround to this to help get a full report (e.g. where the script is run from)? I cannot see why a domain admin wouldn't have full control over all subdirectories, and we don't really want to be amending delicate permissions for the sake of a script.
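
One way to keep the inventory running past those errors and record exactly which folders raised them, without changing any permissions (an added example, not part of the original post or the poster's script). The server name FILESERVER and the two output file names are assumptions.

```powershell
# Added example: read-only ACL inventory that logs failures instead of stopping.
# Assumptions: FILESERVER is a placeholder for the file server's name, and the
# share name "Shared" maps to D:\Shared. Output file names are hypothetical.
$Root     = '\\FILESERVER\Shared'
$Report   = Join-Path $env:TEMP 'acl-inventory.csv'
$Failures = Join-Path $env:TEMP 'acl-failures.csv'

# Enumerate every directory; folders that cannot be listed are collected in
# $walkErrors rather than aborting the walk.
$walkErrors = @()
$dirs = @(Get-Item -LiteralPath $Root)
$dirs += Get-ChildItem -LiteralPath $Root -Directory -Recurse -Force -ErrorAction SilentlyContinue -ErrorVariable +walkErrors

$rows   = New-Object System.Collections.Generic.List[object]
$failed = New-Object System.Collections.Generic.List[object]

foreach ($dir in $dirs) {
    try {
        # -ErrorAction Stop turns "Attempted to perform an unauthorized
        # operation" into a catchable error for this one folder.
        $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop
        foreach ($ace in $acl.Access) {
            $rows.Add([pscustomobject]@{
                Path      = $dir.FullName
                Owner     = $acl.Owner
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Type      = $ace.AccessControlType
                Inherited = $ace.IsInherited
            })
        }
    } catch {
        $failed.Add([pscustomobject]@{
            Path  = $dir.FullName
            Stage = 'Get-Acl'
            Error = $_.Exception.Message
        })
    }
}

# Folders that could not even be enumerated (their children are missing above).
foreach ($e in $walkErrors) {
    $failed.Add([pscustomobject]@{
        Path  = [string]$e.TargetObject
        Stage = 'Enumerate'
        Error = $e.Exception.Message
    })
}

$rows   | Export-Csv -Path $Report   -NoTypeInformation
$failed | Export-Csv -Path $Failures -NoTypeInformation
"{0} ACEs written, {1} folders failed" -f $rows.Count, $failed.Count
```

The failures file gives a concrete list of folders to examine individually (owner, inheritance, explicit entries) before deciding whether any change is needed.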