In a multi-domain forest where Lync is installed, you may find regular instances of Event ID 2896, the details of which will indicate that Lync servers are the culprit.
This can be due to the schema of the domain not being extended with Lync DomainPrep. This is expected behavior. Lync Servers will attempt to synchronize with all domains in the forest regardless of whether or not there are Lync users in these domains. This error is harmless although it may cause the Directory Service Event log to grow continuously. Microsoft recommends running Lync DomainPrep on these domains to eliminate the error. WHICH I THINK is a stupid idea... just configure your logs to roll appropriately.
Here is an example:
Log Name: Directory Service
Date: 11/26/2013 12:30:01 AM
Event ID: 2896
Task Category: Replication
A client made a DirSync LDAP request for a directory partition. Access was denied due to the following error.
8453 Replication access was denied.
The client may not have access for this request. If the client requires it, they should be assigned the control access right "Replicating Directory Changes" on the directory partition in question.