Step away from PowerShell Web Access (PSWA) for a moment. Come back to it (and create your authorization rule(s)) when everything below is working.
As you’ve witnessed, if you connect to a remote Domain Controller using PowerShell Remoting, you can run cmdlets in the ActiveDirectory module without any problem. As well, you’ve also seen the problem with PS Remoting to a member server with the AD tools installed, and that you can’t run the cmdlets. There’s two ways to get around this: one, CredSSP, and two, a PowerShell constrained endpoint. I’m not going to focus on CredSSP since it has security problems, and since we can get around this problem by creating an endpoint.
On the member server (that has your AD tools), you need to create an endpoint. Start by running New-PSSessionConfigurationFile with the -Path parameter and a valid path, such as New-PSSessionConfigurationFile -Path C:\PSendpoints\ADendpoint.pssc. There’s plenty of other parameters, but this will get your session configuration file created (note that the term endpoint, and session configuration are basically interchangeable). Now, use the Register-PSSessionConfiguration cmdlet with the -Name parameter (give your endpoint a name), the -Path parameter (the path to your .pssc file), and the -RunAsCredential (domain\username and it’ll prompt you for your password). This can be any AD account for Get-* cmdlets, but will need to be an elevated account if you plan to change group memberships, change accounts, etc. To remove an endpoint, use Unregister-PSSessionConfiguration -Name NameOfEndpoint.
Now you can connect to the new session configuration from your workstation: Enter-PSSession -ComputerName -ConfigurationName NameOfEndpoint. If you’ve done everything right, and I haven’t missed a step, you should be able to use those cmdlets with any problems. I’ve been able to at least.
Once this endpoint is done, you can return to your PSWA server and create a new authorization rule. Be sure to include the name of you endpoint as the value for the -ConfigurationName parameter, and when you use PSWA, to click ‘Optional connection settings’ and enter your endpoint name where it says Configuration name. Good luck and let me know if you have any follow up questions. It can be overwhelming since you’re new to PowerShell!