Hi B
Assuming you have not multiple AD Sites with Replication Problems / Latency ore something ... perhaps this could be an issue:
In my script i user QAD-Cmdlets ... as i wrote this script powershell had no "default"-module
It might be that the QAD-Cmdlets returns other strings by default than them from Microsoft.
I suggest to play with this line to get an answer.. i'm not able to test this now.. excuse..:
$perm.principal = $mrdgrp
# Does "principal" eventualy implies PrincipalName? Something like:
$perm.principal = 'VMCA_group_name@C********.EDU'
# Or second try..
$perm.principal = 'C********\VMCA_group_name'