Global Catalog Searches in AD Environments

In Microsoft Active Directory environments, there may be LDAP servers (domain controllers) with an additional capability: they offer (read-only) access to all the objects in the respective AD forest. This lets you get information about objects from any AD domain partition, whereas a domain controller normally holds only the objects of its own domain. Domain controllers which can be accessed this way are called Global Catalog servers (GC).

So if you want to search the entire forest for objects matching specific criteria, you should connect to a global catalog server first. Use TCP port 3268 for this, or 3269 if you want to connect over SSL. If you don't know which domain controllers in your environment are GCs, you can try to find them with the Detect button in the LDAP Connection dialog.

To initiate a global, forest-wide search, the LDAP search operation has to use an empty string instead of a normal search base container. LEX detects when you are connected to an Active Directory GC and offers to perform a global search:

Global Catalog search

In this case, the LDAP container from which you open the Search dialog is irrelevant: the search covers the entire AD forest. Please note that direct jumps from the search result window to the respective object (as described above) might then fail, because the global catalog search might return objects which are NOT part of the currently connected namespace.
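
The following added example (not LEX's own code) sorts the DNs returned by a global search into those inside the connected domain partition and those outside it, which are the ones a direct jump cannot reach. The function names and the sample DNs are constructed for illustration, and it assumes the connection is bound to exactly one domain partition, so a child domain counts as outside.

```python
def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:                  # character after a backslash is literal
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":              # unescaped comma ends the current RDN
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current).strip())
    return [r for r in rdns if r]

def domain_partition(dn):
    """Return the trailing run of DC= components, lowercased."""
    dcs = []
    for rdn in reversed(split_dn(dn)):
        if not rdn.lower().startswith("dc="):
            break
        dcs.append(rdn.lower())
    return ",".join(reversed(dcs))

def split_results(connected_base, result_dns):
    """Separate result DNs by whether they live in the connected partition.

    Exact partition match, not suffix match: a child domain such as
    DC=emea,DC=corp,DC=example is a different partition from its parent.
    """
    local = domain_partition(connected_base)
    inside, outside = [], []
    for dn in result_dns:
        (inside if domain_partition(dn) == local else outside).append(dn)
    return inside, outside

# Constructed sample data: the connected base and three global search hits.
CONNECTED_BASE = "DC=corp,DC=example"
RESULTS = [
    "CN=Alice Admin,OU=Staff,DC=corp,DC=example",
    "CN=Smith\\, Bob,OU=Staff,DC=emea,DC=corp,DC=example",
    "CN=svc-backup,CN=Users,DC=partner,DC=test",
]

if __name__ == "__main__":
    inside, outside = split_results(CONNECTED_BASE, RESULTS)
    print("reachable from this connection:", inside)
    print("need a connection to another domain:", outside)
```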