@Allan Reese, thanks for posting in Q&A. For the Intune enrolled device, is it a Microsoft Entra joined device or a Microsoft Entra hybrid joined device?
If it is a Microsoft Entra joined device, it is not joined to the AD domain and it is unable to do an LDAP query due to an authentication issue.
Please check the above information and if there's any update, feel free to let us know.