Whenever a query happens with a scope of subordinate or subtree, the driver uses LDAP. In the past, only an anonymous bind was possible. When using an anonymous bind, the driver can't see attributes that are hidden in Exchange.
The new AuthoritativeBind parameter lets you use an authoritative LDAP bind instead of an anonymous LDAP bind. This option is one of the prompts when you import the sample driver configuration.
We recommend that you use authoritative bind only in cases where you need to see hidden attributes, such as when you want to do matching based on a hidden attribute.
Keep in mind that when you use authoritative bind, hidden attributes, such as NT4AccountName, are seen in the trace. After using authoritative bind for a specific purpose such as migrating users, if you no longer need to use authoritative bind, you could change the driver parameters back to using anonymous bind.