--- source4/dsdb/samdb/ldb_modules/partition.c.orig 2015-02-12 23:22:15.904000000 +0100
+++ source4/dsdb/samdb/ldb_modules/partition.c 2015-02-12 23:43:26.560000000 +0100
@@ -605,6 +605,35 @@ static int partition_search(struct ldb_m
 lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"), struct loadparm_context);
+ // Determine forestdnszones_dn for comparison below
+ struct ldb_dn *forestdnszones_dn = ldb_dn_copy(ac, ldb_get_default_basedn(ldb));
+ if (!forestdnszones_dn) {
+ return ldb_oom(ldb_module_get_ctx(module));
+ }
+ if (!ldb_dn_add_child_fmt(forestdnszones_dn, "DC=ForestDnsZones")) {
+ return ldb_oom(ldb_module_get_ctx(module));
+ }
+
+ // Determine domaindnszones_dn for comparison below
+ struct ldb_dn *domaindnszones_dn = ldb_dn_copy(ac, ldb_get_default_basedn(ldb));
+ if (!domaindnszones_dn) {
+ return ldb_oom(ldb_module_get_ctx(module));
+ }
+ if (!ldb_dn_add_child_fmt(domaindnszones_dn, "DC=DomainDnsZones")) {
+ return ldb_oom(ldb_module_get_ctx(module));
+ }
+
+ /* Don't return application partitions on GC search */
+ if (!no_gc_control ) { // not set by ldap_backend.c:ldapsrv_SearchRequest for GC port searches
+ // This behaviour was found on a Windows Server 2008R2 Foundation
+ // Looks like it's generally true that AD GC search doesn't return Forest+DomainDNSZones
+ // let's only treat the Windows Server 2008R2 Foundation case for now:
+ if (ldb_dn_is_null(req->op.search.base) && domain_scope_control) {
+ // workaround: set base to avoid partition_send_all below, skip Forest and DomainDNSZones
+ req->op.search.base = ldb_dn_copy(ac, ldb_get_default_basedn(ldb));
+ }
+ }
+
 /* Search from the base DN */
 if (ldb_dn_is_null(req->op.search.base)) {
 if (!phantom_root) {
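Review bot: The `ldb_dn_copy` assigned to `req->op.search.base` inside the domain_scope_control workaround is the only allocation in this hunk whose result goes unchecked; on failure the request's base DN silently becomes NULL and the search continues with it, while every other copy here returns ldb_oom. Guard it the same way: `req->op.search.base = ldb_dn_copy(ac, ldb_get_default_basedn(ldb));` followed by `if (!req->op.search.base) { return ldb_oom(ldb); }` (ldb is already in scope on the preceding context line, so the `ldb_module_get_ctx(module)` detour used elsewhere in the hunk is not needed). Both forestdnszones_dn and domaindnszones_dn are built from ldb_get_default_basedn, but the ForestDnsZones partition hangs off the forest root naming context, so on a DC that is not in the forest root domain the ldb_dn_compare in the second hunk would presumably never match it and that partition would still be returned on GC searches; ldb_get_root_basedn looks like the appropriate base for forestdnszones_dn. Rewriting the caller's req->op.search.base in place also changes what every later module sees for this request, which the "workaround" comment should state explicitly if that is intended. partition_search begins before this hunk and continues after it.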
@@ -628,6 +657,17 @@ static int partition_search(struct ldb_m
 }
 if (phantom_root) {
+
+ /* Don't return application partitions on GC search */
+ if (!no_gc_control && domain_scope_control) {
+ if (ldb_dn_compare(data->partitions[i]->ctrl->dn, forestdnszones_dn) == 0) {
+ continue;
+ }
+ if (ldb_dn_compare(data->partitions[i]->ctrl->dn, domaindnszones_dn) == 0) {
+ continue;
+ }
+ }
+
 /* Phantom root: Find all partitions under the
 * search base. We match if:
 *