The Native AD authenticator uses a native Windows API, sign in user, which authenticates a user against a specific domain. It is useful when there is a need to support non-LDAP secure binding (for example, your domain controller is setup with LDAP but you still require signed LDAP binds).