Specify the full domain name(s) of Active Directory. Jenkins uses this information to locate the LDAP service and performs authentication. If you wish to attempt authentication against multiple Active Directory domains the entries can be separated by a comma.

If you specify the forest name (say contoso.com instead of europe.contoso.com), then the search will be done against the global catalog. If you do this without specifying the bind DN, the user would have to login as "europe\joe" or "joe@europe".