The log-in with AD plugin is very slow


  • The log-in process is very slow
  • Jenkins takes too much time to recognize the AD groups
  • I am able to log-in on Jenkins
  • AD groups are recognized by Jenkins
  • In /whoAmI AD groups appear


Enable the cache

This is one of the options which might increase the performance of your Jenkins instance when there are consecutive lookups. Enabling this option is strongly recommended.


Try with Token-Groups user attribute

Unfortunately, for the moment the AD plugin does not allow you to restrict Groups lookup on the same way you can do it with the LDAP plugin, however on the other hand in case your AD set-up only relies on Security Groups, and not Distribution Groups - which most of the cases happens, then you can try to use Group Membership Strategy → Token-Groups user attribute which should have a very big improvement when discovering groups.


Try removing irrelevant groups with the Recursive group queries

Makes Jenkins ignore every user’s Active Directory groups that are not being used by the active Authorization Strategy. This can significantly improve performance in environments with a large number of groups but a small number of corresponding rules defined by the Authorization Strategy.

  • IMPORTANT: This setting may be incompatible with some Authorization Strategies. For example, it has been reported that this setting can impact RBAC strategy by modifying the defined privileges for certain users (e.g. some permissions are missing).


Have more questions?


Please sign in to leave a comment.