Active Directory logs information to the Directory Service event log on each domain controller. To increase the amount of logging, change the Windows registry entries. There are several diagnostic values under the HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NTDS\\Diagnostics key. They default to 0 = no logging. other permitted values are as follows:
1 = minimum
3 = medium
5 = maximum
To isolate problems with Identity Synchronization for Windows, the values to set are Directory Access and LDAP Interface Events.