Jenkins Version 2.414.1
Active Directory plugin 2.33
Local company Windows network wit active directory domain "company-name.local"
External Jenkins instance
We are about to move our the server where we host our Jenkins instance on from our local network to some external network.
In local network Jenkins was configured with Active Directory plugin to lookup users in "company-name.local" domain using the local domain controller "10.21.8.42:3268" not requiring TLS.
As a preparation for the server move, we switched to domain controller to its external DNS name "dc.company-name.ch:636" and required TLS.
Addditinoally, we blocked the connection to the local domain controller to be sure the new connection gets actually used.
This did not work.
We noticed through anaylzing the TCP connections with and without blocked connection to the local domain controller that Jenkins (in some cases) tried to connect to the local domain controller ignoring the external domain controller URL set in the plugin configuration.
When we tried this setup on the external server in the external network, it did work.
Though, when tried to test the domain setting through the "Test Domain" button, it showed:
Success - but company-name.local does not look like a valid domain name
Also, logically, it showed it was not able to resolve the domain in the "Active Directory Health Status":
DNS resolution : Not able to resolve the domain DNS
I can only assume that we aren't the only ones trying to use the Active Directory plugin for Jenkins in a similar setup because more and more organisations move away from on-premise solutions to cloud solutions and the like.
Thus, I think it would make sense to allow to disable the DNS resolution through a configuration flag/checkbox as it is sipmly superfluous and potentially even could influence lookup speed negatively.