FIX: Adding multiple users to Active Directory can cause memory leak when setting passwords (274172)


The information in this article applies to:

  • Microsoft Active Directory Services Interface, Microsoft Active Directory Client, when used with:
    • the operating system: Microsoft Windows 2000
This article was previously published under Q274172

SYMPTOMS

Adding many users (20,000 and more) through Active Directory Services Interface (ADSI) code may cause the Lsass.exe process to grow rapidly in size, and can result in performance problems on the client computer. A system restart may be needed to restore normal performance and to shrink Lsass.exe.

NOTE: One test found that adding 45,000 users resulted in Lsass.exe growth of 9 megabytes (MB), which is approximately 200 bytes per user.

CAUSE

The way that handles were referenced made it difficult to track for proper release. The fix changes the way that handles are referenced so that they may be released properly.

Note that even after you apply this fix, Lsass.exe will still grow as you add users. But the growth should be slower, a plateau will be reached, and memory will ultimately be recovered.

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to obtain the latest Windows 2000 service pack

The following files are available for download from the Microsoft Download Center:

US English:
DownloadDownload Q274172_W2K_SP2_x86_en.exe now

Arabic:
DownloadDownload Q274172_W2K_SP2_x86_ar.exe now

Chinese (Simplified):
DownloadDownload Q274172_W2K_SP2_x86_cn.exe now

Chinese (Traditional):
DownloadDownload Q274172_W2K_SP2_x86_tw.exe now

Czech:
DownloadDownload Q274172_W2K_SP2_x86_cs.exe now

Danish:
DownloadDownload Q274172_W2K_SP2_x86_da.exe now

Dutch:
DownloadDownload Q274172_W2K_SP2_x86_nl.exe now

Finnish:
DownloadDownload Q274172_W2K_SP2_x86_fi.exe now

French:
DownloadDownload Q274172_W2K_SP2_x86_fr.exe now

German:
DownloadDownload Q274172_W2K_SP2_x86_de.exe now

Greek:
DownloadDownload Q274172_W2K_SP2_x86_el.exe now

Hebrew:
DownloadDownload Q274172_W2K_SP2_x86_he.exe now

Hungarian:
DownloadDownload Q274172_W2K_SP2_x86_hu.exe now

Italian:
DownloadDownload Q274172_W2K_SP2_x86_it.exe now

Japanese:
DownloadDownload Q274172_W2K_SP2_x86_ja.exe now

Japanese (NEC):
DownloadDownload Q274172_W2K_SP2_nec98_ja.exe now

Korean:
DownloadDownload Q274172_W2K_SP2_x86_ko.exe now

Norwegian:
DownloadDownload Q274172_W2K_SP2_x86_no.exe now

Polish:
DownloadDownload Q274172_W2K_SP2_x86_pl.exe now

Portuguese:
DownloadDownload Q274172_W2K_SP2_x86_pt.exe now

Portuguese (Brazil):
DownloadDownload Q274172_W2K_SP2_x86_br.exe now

Russian:
DownloadDownload Q274172_W2K_SP2_x86_ru.exe now

Spanish:
DownloadDownload Q274172_W2K_SP2_x86_es.exe now

Swedish:
DownloadDownload Q274172_W2K_SP2_x86_sv.exe now

Turkish:
DownloadDownload Q274172_W2K_SP2_x86_tr.exe now

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file. The English version of this fix should have the following file attributes or later:
Date        Time     Size      File name     
---------------------------------------------
01/09/2001  09:48a   130,320   Adsldpc.dll
01/09/2001  10:39a   348,944   Advapi32.dll
01/09/2001  10:39a   135,440   Dnsapi.dll
01/09/2001  10:39a    90,896   Dnsrslvr.dll
01/09/2001  10:40a   512,784   Instlsa5.dll
01/09/2001  10:40a   140,048   Kdcsvc.dll
11/15/2000  02:37p   207,408   Kerberos.dll
12/19/2000  09:13p    69,456   Ksecdd.sys
01/09/2001  10:39a   494,864   Lsasrv.dll
01/02/2001  08:45a    33,552   Lsass.exe
11/13/2000  02:46p   104,464   Msv1_0.dll
01/09/2001  10:40a   306,960   Netapi32.dll
01/09/2001  10:39a   355,600   Netlogon.dll
01/09/2001  10:40a   907,024   Ntdsa.dll
01/09/2001  10:39a   378,128   Samsrv.dll
01/09/2001  11:30a   753,023   Sp2.cat
01/09/2001  09:48a   123,664   Wldap32.dll

STATUS

Microsoft has confirmed that this is a bug in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

Steps to reproduce the behavior

Run code that uses a loop to add users and set the password by using the IADsUser::SetPassword method.

After 20,000 to 30,000 users have been added, Lsass.exe will have increased in size, and performance will be reduced. Memory consumption by Lsass.exe does not level off, but continues to rise slowly.
Modification Type:MajorLast Reviewed:10/8/2006
Keywords:kbbug kbfix kbgraphxlinkcritical kbWin2000PreSP2Fix KB274172 kbAudDeveloper
©2004 Microsoft Corporation. All rights reserved.