Bug
Resolution: Unresolved
Blocker
None
With reference to JENKINS-4203, I'm still facing the issue of multiple domain controllers in one forest. Out of four controllers, only two are reachable from Jenkins, and even after providing AD Site details, Jenkins is trying to connect to another site's controller, which is unreachable from Jenkins.
Settings:
<securityRealm class="hudson.plugins.active_directory.ActiveDirectorySecurityRealm" plugin="active-directory@2.25.1">
  <domains>
    <hudson.plugins.active__directory.ActiveDirectoryDomain>
      <name>my.example.org</name>
      <servers>win-ad01.my.example.org:636, win-ad02.my.example.org.my.example.org:636</servers>
      <site>my-site-1</site>
      <bindName>CN=srv_jenkins,OU=ServiceAccounts,OU=myou,DC=my,DC=example,DC=org</bindName>
      <bindPassword>{AAABBBCCCDDDEEEEFFFFGGGHHHIIIJJJKKKK}</bindPassword>
      <tlsConfiguration>TRUST_ALL_CERTIFICATES</tlsConfiguration>
    </hudson.plugins.active__directory.ActiveDirectoryDomain>
  </domains>
  <startTls>true</startTls>
  <requireTLS>true</requireTLS>
  <groupLookupStrategy>AUTO</groupLookupStrategy>
  <removeIrrelevantGroups>false</removeIrrelevantGroups>
</securityRealm>
DNS resolution:
$ nslookup -q=SRV _ldap._tcp.my.example.org
Non-authoritative answer:
_ldap._tcp.my.example.org service = 0 100 389 win-ad01.my.example.org.
_ldap._tcp.my.example.org service = 0 100 389 win-ad02.my.example.org.
_ldap._tcp.my.example.org service = 0 100 389 win-ad03.my.example.org.
_ldap._tcp.my.example.org service = 0 100 389 win-ad04.my.example.org.
$ nslookup -q=SRV _ldap._tcp.my-site-1._sites.my.example.org
Non-authoritative answer:
_ldap._tcp.my-site-1._sites.my.example.org service = 0 100 389 win-ad01.my.example.org.
_ldap._tcp.my-site-1._sites.my.example.org service = 0 100 389 win-ad02.my.example.org.
DNS resolution and site settings work correctly. Could you please help me to understand what's wrong in the config if it's not a bug?
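A consistency check over the two artifacts in this report, as an added example that is not part of the original report or the plugin's code: it compares the hosts in <servers> with the targets of the site-scoped SRV answer and notes the TLS trust mode. The function names and the trimmed inline inputs are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed input: values copied from the report, bind credentials left out.
CONFIG_XML = """<securityRealm><domains>
<hudson.plugins.active__directory.ActiveDirectoryDomain>
  <name>my.example.org</name>
  <servers>win-ad01.my.example.org:636, win-ad02.my.example.org.my.example.org:636</servers>
  <site>my-site-1</site>
  <tlsConfiguration>TRUST_ALL_CERTIFICATES</tlsConfiguration>
</hudson.plugins.active__directory.ActiveDirectoryDomain>
</domains></securityRealm>"""

SITE_SRV_OUTPUT = """\
_ldap._tcp.my-site-1._sites.my.example.org service = 0 100 389 win-ad01.my.example.org.
_ldap._tcp.my-site-1._sites.my.example.org service = 0 100 389 win-ad02.my.example.org.
"""

DOMAIN_TAG = "hudson.plugins.active__directory.ActiveDirectoryDomain"
SRV_LINE = re.compile(r"service\s*=\s*\d+\s+\d+\s+(\d+)\s+(\S+)")

def parse_srv(text):
    """Return {hostname: port} from nslookup SRV answer lines."""
    return {m.group(2).rstrip(".").lower(): int(m.group(1))
            for m in SRV_LINE.finditer(text)}

def parse_servers(value):
    """Split 'host:port, host' into (host, port-or-None) tuples."""
    servers = []
    for item in (s.strip() for s in value.split(",")):
        if not item:
            continue
        host, sep, port = item.rpartition(":")
        servers.append((host.lower(), int(port)) if sep else (item.lower(), None))
    return servers

def audit(config_xml, site_srv_text):
    """List configured servers missing from the site SRV set, plus TLS trust mode."""
    findings = []
    site_hosts = parse_srv(site_srv_text)
    for domain in ET.fromstring(config_xml).iter(DOMAIN_TAG):
        for host, _port in parse_servers(domain.findtext("servers", "")):
            if host not in site_hosts:
                findings.append(f"{host} is not a site SRV target")
        if domain.findtext("tlsConfiguration") == "TRUST_ALL_CERTIFICATES":
            findings.append("tlsConfiguration is TRUST_ALL_CERTIFICATES")
    return findings
```

Against a live instance, the two inputs would be the Jenkins config.xml and the output of the site-scoped nslookup query shown in the report.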