Sorry this is so late, this issue was resolved. Prior to me working here the MAC admins were given an AD / OU to Bind the Apple MAC OSX machine to (CN=MAC,DC=xx,DC=xxx).
For some reason if the MAC's are not in the default CN=Computers,DC=xx,DC=xxx OU windows security logs will never populate?
After we move all of the AD objects "Apple MAC's" to the correct OU (CN=Computers,DC=xx,DC=xxx), security event logs started working and populating PAN-User-ID.
I hope this helps.