I heard that theoretically we could port scan global network for TCP 3268 i.e. identifying all Global Catalog Domain Controllers(DCs). So my questions are:
How identifying Global Catalog servers is correlated with total number of Active Directory Forests in an enterprise? How do I tell total number of forests by identifying all Global Catalog servers? Please elaborate this method.
Is there any alternative/automated/practical way to answer this question without checking network documentation and AD design documents or interviewing?
Kindly answer with explanation specific to above mentioned questions.