Lsass.exe using 100% CPU after setting up LDAP

Article:TECH82839  |  Created: 2004-01-02  |  Updated: 2005-01-12  |  Article URL http://www.symantec.com/docs/TECH82839
Article Type
Technical Solution


Issue



You configured Active Directory (AD) as the Lightweight Directory Access Protocol (LDAP) server type. Users see the Lsass.exe process using 100% CPU on the Domain Controller designated in the LDAP configuration of the Brightmail Control Center. This causes a large number of queries against AD using un-indexed attribute.



Solution



There are two possible solutions to Lsass.exe using 100% CPU:
  • In the query filter replace both instances of ObjectClass with ObjectCategory. ObjectCategory is indexed.
  • Modify the Active Directory Schema to index ObjectClass.





Technical Information
For steps on indexing an attribute in Active Directory, read Getting Started with Windows 2000 Advanced server.





Legacy ID



2004120210265363


Article URL http://www.symantec.com/docs/TECH82839


Terms of use for this information are found in Legal Notices