At my wits' end with it now, so any input is helpful.
the Juniper/Trapeze MX wireless controller is in fact communicating effectively with your Network Policy Server and that basic user authentication is taking place.
The issue with your system lies within your server farm and has manifested itself by preventing Network Policy Server from overruling the dial-in settings on your Active Directory. It is also evident that the Certificate Services Web front end is no longer running on any of your Domain Controller servers (this was set up on either DC1 or DC2 during the summer break when the school refurbishment was in progress).
The authentication issues you are experiencing appear deep-rooted in your system and will require major work on the Active Directory system and domain controllers as well as work on certificates and Network Policy Servers. This issue is not with the Trapeze / Juniper controller.