Thanks Manoj.
You are exactly right, the script defaults to Enterprise authentication (-NsecEnteprise) where it should be using LDAP instead (-NsecLDAP) as the associated accounts are using LDAP authentication.
As the Management Console never asks for the authentication method when generating the execution scripts - will it inherit the authentication method that was used to authenticate with CMC (IPS) when logging into the DS Management Console? Or will it always default to Enterprise and will it require manual changing to the proper authentication type? (Windows AD, LDAP, SAP, etc?).