Our organization is set up on a private block of IP's so for the most part, in our practice, it has been much simpler to sort by IP. Of course variables like DHCP lease time and devices with multiple IP's can get tricky every once in a while. For that reason we also track devices by MAC separately using either 3rd party software or switching up the filter on occasion.
We've seen (and this only seems to happen to Mac users) that the AD user that's "logged in" on the laptops (again only the macintosh ones) will sometimes get the wrong IP (we track via ip currently) and thus when you look up the IP it can show the previous person who had that ip, and the Macintosh user will not have AD rights for certain things... like access to social media.
The only way we've been able to work around this is search by mac... to find the actual device and then force it into the correct security group
*i can't tell if that is confusing to anyone else... so if so i'll try to clarify again, lol*