Lsass.exe using 100% CPU after setting up LDAP

Article:TECH82839  |  Created: 2004-01-02  |  Updated: 2005-01-12  |  Article URL
Article Type
Technical Solution



You configured Active Directory (AD) as the Lightweight Directory Access Protocol (LDAP) server type. Users see the Lsass.exe process using 100% CPU on the Domain Controller designated in the LDAP configuration of the Brightmail Control Center. This causes a large number of queries against AD using un-indexed attribute.


There are two possible solutions to Lsass.exe using 100% CPU:
  • In the query filter replace both instances of ObjectClass with ObjectCategory. ObjectCategory is indexed.
  • Modify the Active Directory Schema to index ObjectClass.

Technical Information
For steps on indexing an attribute in Active Directory, read Getting Started with Windows 2000 Advanced server.

Legacy ID


Article URL

Terms of use for this information are found in Legal Notices