Hello all
I'm beating my head against a wall with something. I'm developing a script that deploys a two-level domain onto vCenter and I'm running into problems with the code when deploying the child domain. Specifically, I'm having issues getting my credentials to pass to the guest VM. I'm using Invoke-VMScript because the networking is generally unreachable but I can connect to vCenter just fine. Oh, and these VMs are Windows 2016 with a GUI and I'm current on PS patches/levels.
#DC Names
$DomainControllerVMName_01 = "AD01"
$DomainControllerVMName_02 = "AD02"
#$DomainMode = "WinThreshold"
#$ForestMode = "WinThreshold"
#$DomainName = "Datum.local"
$ChildDomainName = "child.datum.local"
#DC Credentials
$DCLocalUser_01 = "$DomainControllerVMName_01\administrator"
$DCLocalPWord_01 = ConvertTo-SecureString -String "P@ssw0rd123" -AsPlainText -Force
$DCLocalCredential_01 = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $DCLocalUser_01, $DCLocalPWord_01
$DCLocalUser_02 = "$DomainControllerVMName_02\administrator"
$DCLocalPWord_02 = ConvertTo-SecureString -String "P@ssw0rd123" -AsPlainText -Force
$DCLocalCredential_02 = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $DCLocalUser_02, $DCLocalPWord_02
#Domain Credentials
$DomainUser = "Datum\administrator"
$DomainPWord = ConvertTo-SecureString -String "P@ssw0rd123" -AsPlainText -Force
$DomainCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $DomainUser, $DomainPWord
# Script Blocks
# Install Roles/Features
$InstallADRole = @'
Install-WindowsFeature -Name "AD-Domain-Services" -IncludeManagementTools
'@
#Install parent domain
$ConfigureNewDomain = @"
Install-ADDSForest -InstallDns -ForestMode $ForestMode -DomainMode $DomainMode -DomainName $DomainName -SafeModeAdministratorPassword (ConvertTo-SecureString -String "P@ssw0rd123" -AsPlainText -Force) -Force
"@
# Install Child domain
$ConfigureChildDomain = @"
Install-ADDSDomain -Credential $DomainCredential -InstallDNS -CreateDNSDelegation -DomainMode $DomainMode -NewDomainName $ChildDomainName -ParentDomainName $DomainName -SafeModeAdministratorPassword (ConvertTo-SecureString -String "P@ssw0rd123" -AsPlainText -Force) -Force -NoRebootOnCompletion
"@
# Begin Install of DC01
Invoke-VMScript -ScriptText $InstallADRole -VM $DomainControllerVMName_01 -GuestCredential $DCLocalCredential_01
Invoke-VMScript -ScriptText $ConfigureNewDomain -VM $DomainControllerVMName_01 -GuestCredential $DCLocalCredential_01
# Begin Install of DC02
Invoke-VMScript -ScriptText $InstallADRole -VM $DomainControllerVMName_02 -GuestCredential $DCLocalCredential_02
Invoke-VMScript -ScriptText $ConfigureChildDomain -VM $DomainControllerVMName_02 -GuestCredential $DCLocalCredential_02
There are, of course, other things that happen, like reboots, delays and checks for services starting, but it's really the child domain that stumps me. At this point AD01 is up and configured and AD02 has its roles added. I've been running individual commands all day trying to figure this out. No matter what I try I keep getting a "Cannot bind parameter 'Credential'" error, and it can't convert the "System.Management.Automation.PSCredential" value of type "System.String". I'm assuming it's because the password is encrypted and the remote system can't un-encrypt it. I've also moved the domain credentials to the $ConfigureChildDomain script block and changed double quotes to singles but it's just not clicking with me. Anyone have any insight? This is actually a problem I'll have later on as well so any help is appreciated.
Peace
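
An added example, not part of the original post: it shows what a double-quoted here-string on the calling machine turns `$DomainCredential` into, and one way to build the credential object inside the guest script text instead. `New-ChildDomainScript`, the `{TOKEN}` placeholders and all sample values are hypothetical and constructed for illustration; it runs offline, and the `Invoke-VMScript` call is left as a comment.

```powershell
# Constructed sample values; none of these are real secrets.
$DomainUser       = 'Datum\administrator'
$PlainPassword    = 'ExamplePassw0rd!'
$DomainCredential = New-Object System.Management.Automation.PSCredential `
    -ArgumentList $DomainUser, (ConvertTo-SecureString $PlainPassword -AsPlainText -Force)

# 1) A double-quoted here-string is expanded locally, before anything is sent.
#    A PSCredential converts to a string as its type name only.
$Expanded = @"
Install-ADDSDomain -Credential $DomainCredential -NewDomainName child
"@
Write-Output "Text the guest would receive: $Expanded"

# 2) Use a single-quoted here-string as a template (no local expansion) and
#    create the PSCredential inside the guest from plain strings.
function New-ChildDomainScript {
    param(
        [string]$User, [string]$Password,
        [string]$Child, [string]$Parent
    )
    $text = @'
$pw   = ConvertTo-SecureString -String '{PASSWORD}' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList '{USER}', $pw
Install-ADDSDomain -Credential $cred -InstallDns -CreateDnsDelegation -NewDomainName '{CHILD}' -ParentDomainName '{PARENT}' -SafeModeAdministratorPassword $pw -Force -NoRebootOnCompletion
'@
    $values = @{ PASSWORD = $Password; USER = $User; CHILD = $Child; PARENT = $Parent }
    foreach ($pair in $values.GetEnumerator()) {
        # Double embedded single quotes so a value cannot close its literal
        # and change the command that runs in the guest.
        $safe = $pair.Value -replace "'", "''"
        $text = $text.Replace("{$($pair.Key)}", $safe)
    }
    return $text
}

$GuestScript = New-ChildDomainScript -User $DomainUser -Password $PlainPassword `
    -Child 'child' -Parent 'datum.local'
Write-Output $GuestScript

# The password is plaintext inside $GuestScript, so treat the script text
# (and any transcript or log that records it) as a secret.
# With the post's variables, the call would then be:
# Invoke-VMScript -ScriptText $GuestScript -VM $DomainControllerVMName_02 -GuestCredential $DCLocalCredential_02
```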