Logging of token related administration can be enabled by creating a new DWORD registry key as below:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PassGo Technologies\Defender\Defender AD MMC
HKEY_LOCAL_MACHINE:SOFTWARE\PassGo Technologies\Defender\Defender AD MMC
New DWORD: LoggingEnabled and set the value to 1.
When Active Directory Users & Computers (ADUC) is next opened token administration information will be written to the Defender event log, which can be seen in the Windows Event Viewer within the 'Application and Services Logs' section.
The list of events is listed in the Defender Administrator Guide – Appendix E, section “Administrator Console messages” available here