Best network configuration

Best network configuration provides additional access control features through the use of confidential attributes. This is a setting applied to the searchFlags component of individual attributes, and is only supported on Microsoft Windows Server 2003 SP1 and later. When processing confidential attributes, the directory server checks for additional access control rights associated with the requesting user. This particular type of access, called "CONTROL ACCESS," is granted to administrative accounts by default, but can be delegated to other accounts individually

A third approach to protecting directory attributes. This method is not dependent on a particular directory implementation. Rather, it uses public key infrastructure (PKI) to allow users to control the encryption of attributes related to their own directory information.