JSI Tip 8265. Windows 2000 domain controllers Lsass.exe have high CPU usage, and/or the servers temporarily hang, and/or client communication times out, and/or you receive incomplete information from the servers?

The subject behavior can occur in a very large forest structure, when the KCC (Knowledge Consistency Checker) runs, even if the ISTG (Inter-Site Topology Generation) is turned off.

The Lsass.exe runs at high priority, consuming too many cycles when the KCC runs.

To workaround this behavior, turn off ISTG for the KCC, if it is on, and turn off connection translation for the domain controllers, by using the repadmin /options +disable_ntdsconn_xlate command.

NOTE: Turning off these tasks will require that you maintain them manually.

NOTE: In large environments, run server programs on member servers, allowing the domain controllers to use all their resources for domain / forest functions.

NOTE: See the following Knowledge Base articles:

How to optimize Active Directory replication in a large network.

HOW TO: Disable the Knowledge Consistency Checker Inter-Site Topology Generation for All Sites.

How to Disable the Knowledge Consistency Checker From Automatically Creating Replication Topology.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.