Movere connects to AD using the .NET System.Net.LdapConnection, a low-level LDAP connector that supports paging, which lets Movere request large datasets (e.g. AD Users) with very little overhead. For Global Catalog (GC) queries (e.g. collecting a list of child domains in a forest), Movere uses the .NET System.DirectoryServices.Protocols.LdapDirectoryIdentifier to connect to the GC over port 3268.
When running an AD scan, Movere uses the credentials mapped to that domain in the Movere Console credential mapper. If the domain has not yet been discovered, any domain name can be entered from the AD tab. That domain is then automatically added to the domain list in the credential mapper. This enables users to enter credentials centrally before distributing the Movere Console to locations that cannot be queried from the local domain.
How does Movere identify which Domain Controller (DC) or Global Catalog (GC) to query in a domain?
Movere relies on Active Directory to direct it to the closest Domain Controller to query. Movere only needs to query a single DC per domain. The same logic is also applied when attempting to query the GC.
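The pattern described above (let Active Directory pick the server, connect to the GC on port 3268, page through the results) looks like this with the .NET System.DirectoryServices.Protocols classes. This is an added example, not Movere's own code; it is useful for seeing what such a scan looks like to firewalls and directory audit logs. The function name, the forest name `corp.example`, the filter `(objectCategory=domainDNS)`, the page size and the bind as the current logon session are assumptions.

```powershell
Add-Type -AssemblyName System.DirectoryServices            # DC/GC locator classes
Add-Type -AssemblyName System.DirectoryServices.Protocols  # LdapConnection, paging control

# Hypothetical helper: lists the domain naming contexts visible in a forest's GC.
function Get-ForestDomainsFromGC {
    param([Parameter(Mandatory)][string]$ForestName, [int]$PageSize = 500)

    # Ask Active Directory for a global catalog instead of hard-coding a server.
    $ctx = [System.DirectoryServices.ActiveDirectory.DirectoryContext]::new(
        [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Forest, $ForestName)
    $gc = [System.DirectoryServices.ActiveDirectory.GlobalCatalog]::FindOne($ctx)

    # GC queries go to port 3268, not the per-domain LDAP port 389.
    $id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($gc.Name, 3268)
    $conn = [System.DirectoryServices.Protocols.LdapConnection]::new($id)
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
    $conn.SessionOptions.ProtocolVersion = 3
    try {
        $conn.Bind()   # assumption: bind as the current logon session

        # Empty base DN with subtree scope searches every partition the GC holds.
        $req = [System.DirectoryServices.Protocols.SearchRequest]::new(
            '', '(objectCategory=domainDNS)',
            [System.DirectoryServices.Protocols.SearchScope]::Subtree,
            [string[]]@('distinguishedName'))
        $page = [System.DirectoryServices.Protocols.PageResultRequestControl]::new($PageSize)
        [void]$req.Controls.Add($page)

        do {
            $resp = [System.DirectoryServices.Protocols.SearchResponse]$conn.SendRequest($req)
            foreach ($entry in $resp.Entries) { $entry.DistinguishedName }

            # The server returns a paging cookie; an empty cookie marks the last page.
            $ctl = $resp.Controls | Where-Object {
                $_ -is [System.DirectoryServices.Protocols.PageResultResponseControl] }
            $page.Cookie = if ($ctl) { $ctl.Cookie } else { [byte[]]@() }
        } while ($page.Cookie.Length -gt 0)
    }
    finally { $conn.Dispose() }
}

# 'corp.example' is a placeholder forest name.
Get-ForestDomainsFromGC -ForestName 'corp.example'
```

Each loop iteration is one LDAP search request carrying the paged-results control, so a large collection appears on the wire as a series of bounded requests to a single server rather than one unbounded query.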