Thanks again for your help! This ended up leading us to the exact cause. After opening up the ACL on the controller to allow all, we had consistent successes. We added each access-list entry to the ACL and found out that I'm a dummy.
I was allowing DHCP services to only the DHCP server. I'm not a DHCP expert, but the clients have no idea who the server is; they just send out broadcasts. So there is no unicast/single host I can allow DHCP requests to....I have to allow DCHP services to any host, which once I did, it worked.
I'm assuming it worked sometimes was that at some point the ACL was non existent or not applied and hosts were pulling an IP just fine. While some users weren't on the WiFi during this point and then after applying the ACL they weren't able to pull an IP.
Thanks again for the help!!!