Proxied Authorization Control is defined in RFC 4370
allows a client to request that an operation be processed under a provided authorization
instead of as the current authorization identity associated with the connection.
Support for the Proxied Authorization Control is indicated by the presence of the Object Identifier (OID) "2.16.840.1.113718.104.22.168" in the supportedControl attribute within the rootDSE
There might be more information for this subject on one of the following: