I have a weird problem; hoping someone can help with this.
So I have 2 systems. One is Windows 10 22H2, one is Windows 11 23H2. Both are brand new installs. Both are on the domain, in the same OU, getting the same GPOs (no WMI filtering). I am a domain admin. I log into the Windows 10 machine with my AD account, run PowerShell, then do the following:
invoke-command DomainController {repadmin /syncall}
It works by syncing all of my DCs correctly
When I log into the Windows 11 and run the same command, I get this:
Syncing partition: DC=DomainDnsZones,DC=contoso,DC=com
CALLBACK MESSAGE: Error contacting server CN=NTDS Settings,CN=CONTOSODC,CN=Servers,CN=CON,CN=Sites,CN=Configuration,DC=contoso,DC=com (network error): 5 (0x5):
Access is denied.
And the above message is repeated multiple times (as many times as there are DCs in my environment).
Both machines have the same PS execution policy as below:
MachinePolicy: Undefined; UserPolicy: Undefined; Process: Undefined; CurrentUser: Undefined; LocalMachine: Unrestricted
Both machines run PowerShell elevated (per group policy settings, confirmed by "Administrator:" in the title of the console windows).
Both have UAC disabled (per group policy)
$PSVersionTable on the Windows 10 machine shows
PSVersion 5.1.19041.3930
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.19041.3930
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
and Windows 11 shows
PSVersion 5.1.22621.2506
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.22621.2506
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
If I log into one of the DCs and do "repadmin /syncall" it works without any issue.
If I use other commands like invoke-command DomainController {some scripts or commands} then it works fine on both machines. It seems like it doesn't like "repadmin" for some reason.
I also tried
invoke-command DomainController -scriptblock {
& 'C:\Windows\System32\repadmin.exe' /syncall
}
Same result. It works on the Windows 10 machine but not on the Windows 11 machine. What are some things I should look for?
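One way to narrow this down, as an added diagnostic script that is not part of the original post: repadmin /syncall run inside a remote session has to authenticate from the DC to every other DC, which is a second hop, so the question is whether the DC ends up holding a ticket it can use on your behalf, and whether the client is allowed to hand one out. The script below checks both sides. It assumes WinRM to the DC already works (the post shows it does), that the DC name is passed in place of the placeholder 'DomainController', and that the account running it is the same domain admin account used in the post. The client-side check looks at Credential Guard, which Windows 11 22H2 and later can turn on by default and which blocks unconstrained (forwarded-TGT) delegation for that client's logon; that is a hypothesis to test against the two machines, not a confirmed cause.

```powershell
# Added diagnostic, not code from the original post.
# Usage (from the workstation): .\Test-SecondHop.ps1 -DC 'DomainController'
param([string]$DC = 'DomainController')   # placeholder: replace with the real DC name

# --- 1. Client side: is Credential Guard running on this workstation? ---
# Win32_DeviceGuard.SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
$clientInfo = [pscustomobject]@{
    Client                 = $env:COMPUTERNAME
    OSBuild                = [System.Environment]::OSVersion.Version.Build
    CredentialGuardRunning = [bool]($dg.SecurityServicesRunning -contains 1)
}
$clientInfo | Format-List

# --- 2. DC side: what does the remote session actually hold? ---
# Run the same checks on both workstations and compare the output.
$remoteInfo = Invoke-Command -ComputerName $DC -ScriptBlock {
    $id  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    # 'klist tgt' prints the cached TGT for this logon session and its flags.
    # In a plain WinRM session there is normally no TGT at all (network logon,
    # nothing delegated), so the DC cannot authenticate as you to other DCs.
    $tgt = (& klist tgt 2>&1) | Out-String
    [pscustomobject]@{
        DC                 = $env:COMPUTERNAME
        SessionUser        = $id.Name
        ImpersonationLevel = $id.ImpersonationLevel
        HasDelegatedTgt    = [bool]($tgt -match 'forwarded')
        TgtDetail          = $tgt.Trim()
    }
}
$remoteInfo | Format-List

# --- 3. Single-hop control: same command without the second hop ---
# If RSAT (repadmin.exe) is installed locally, this talks to each DC directly
# from the workstation, so no delegation is involved. A success here, with the
# remote run still failing, points at delegation rather than at repadmin itself.
if (Get-Command repadmin.exe -ErrorAction SilentlyContinue) {
    & repadmin.exe /syncall $DC
} else {
    Write-Warning 'repadmin.exe not found locally (install RSAT AD DS tools to run the single-hop control).'
}
```

If the Windows 10 machine reports HasDelegatedTgt = True and the Windows 11 machine reports False, the two clients are being treated differently at the first hop, which is exactly the Credential Guard symptom the script tests for. The supported fixes in that case are to keep the work single-hop (run repadmin from the workstation, or target one DC at a time with an argument to /syncall) or to set up constrained delegation from the DC to the services it must reach; the DC does not need the client's forwardable TGT for constrained delegation, so it keeps working with Credential Guard on. Turning Credential Guard off or re-enabling unconstrained delegation on a DC would make the command work but widens the blast radius of that DC's credentials, so they are the options to avoid.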