NTDS Writer will throw a very vague event in the event log when it fails due to lack of permissions:EventSystem warning 4354 : "The COM+ Event System failed to fire the RequestWriterInfo method on subscription. The subscriber returned HRESULT 80070005"
Security Considerations for Requesters documentation on MSDN: Security Considerations for Requesters
Third party backup vendors may use the technique of extracting the system files from a volume snapshot. If backup software uses this method, the backup will not include the NTDS.dit file in the system state even though it was in the original volume snapshot.