Jessie, I think you would need to look at ldap.maj/ldap.mod, together with the output from pdm_ldap_test, to investigate why those are not synced...that is, why the mismatch between SDM contact repository and AD accounts.
ldap.maj/ldap.mod gives you the mapping and pdm_ldap_test gives you the AD structure of the account like
DN: CN=aixmail,CN=Users,DC=kirklandsd,DC=ca,DC=com
Hope this helps you start investigating. thanks _Chi