Value: 0x1
Requests secure authentication. When this flag is set, the WinNT provider uses NT LAN Manager (NTLM) to
authenticate the client. Active Directory will use Kerberos, and possibly NTLM, to authenticate the client. When
the user name and password are NULL, ADSI binds to the object using the security
context of the calling thread, which is either the security context of the user account under which the
application is running or of the client user account that the calling thread represents.
Value: 0x2
Requires ADSI to use encryption for data exchange over the network.



Value: 0x2
The channel is encrypted using Secure Sockets Layer (SSL). Active Directory requires that the Certificate
Server be installed to support SSL.

If this flag is not combined with the ADS_SECURE_AUTHENTICATION flag and the
supplied credentials are NULL, the bind will be performed anonymously. If this flag
is combined with the ADS_SECURE_AUTHENTICATION flag and the supplied credentials are
NULL, then the credentials of the calling thread are used.



Value: 0x4
A writable domain controller is not required. If your application only reads or queries data from Active
Directory, you should use this flag to open the sessions. This allows the application to take advantage of
Read-only DCs (RODCs).

In Windows Server 2008, ADSI attempts to connect to either Read-only DCs (RODCs) or writable DCs. This
allows the use of an RODC for the access and enables the application to run in a branch or perimeter network
(also known as DMZ, demilitarized zone, and screened subnet), without the need for direct connectivity with a
writable DC.

For more information about programming for RODC compatibility, see the
Read-only Domain Controllers Application Compatibility Guide.
Value: 0x8
This flag is not supported.

Value: 0x10
Request no authentication. The providers may attempt to bind the client, as an anonymous user, to the
target object. The WinNT provider does not support this flag. Active Directory establishes a connection between
the client and the targeted object, but will not perform authentication. Setting this flag amounts to requesting
an anonymous binding, which indicates all users as the security context.
Value: 0x20
When this flag is set, ADSI will not attempt to query the objectClass
property and thus will only expose the base interfaces supported by all ADSI objects instead of the full object
support. A user can use this option to increase the performance in a series of object manipulations that involve
only methods of the base interfaces. However, ADSI will not verify that any of the requested objects actually
exist on the server. For more information, see
Fast Binding Options for Batch Write/Modify Operations.

This option is also useful for binding to non-Active Directory directory services, for example Exchange 5.5,
where the objectClass query would fail.
Value: 0x40
Verifies data integrity. The ADS_SECURE_AUTHENTICATION flag must also be set also
to use signing.



Value: 0x80
Encrypts data using Kerberos. The ADS_SECURE_AUTHENTICATION flag must also be set
to use sealing.



Value: 0x100
Enables ADSI to delegate the user security context, which is necessary for moving objects across domains.
Value: 0x200
If an Active Directory DNS server name is passed in the LDAP path, this forces an A-record lookup and
bypasses any SRV record lookup when resolving the host name.



Value: 0x400
Specify this flag to turn referral chasing off for the life of the connection. However, even when this flag
is specified, ADSI still allows the setting of referral chasing behavior for container enumeration when set
using ADS_OPTION_REFERRALS in
ADS_OPTION_ENUM (as documented in container enumeration
with referral chasing in
IADsObjectOptions::SetOption) and
searching separately (as documented in
Referral Chasing with IDirectorySearch).



Value: 0x80000000