Recently we had a domain controller show high CPU usage. One of the server guys ran Performance monitor and I’m now looking at the results. In the right hand pane I get a warning about the top client taking up ~23% of CPU.If I click on that it takes me down to that client. Under the box titled Clients with the Most CPU Usage I see a list of IPs with Requests/sec. However the top 2 are not IP addresses butSAM and NTDSAPI, like so: What exactly does this mean and how do I find out which client caused the load?If I click on the plus sign next to ‘SAM’ , I get queries of the form sAMAccountType=805306368 which according to this website is supposed to be an efficient query. http://www.selfadsi.org/extended-ad/search-user-accounts.htm So I’m guessing that whoever the client was just had a lot of queries. But how do I find out which client that was?My Google searching has not helped. Thanks, Smita Carneiro, GCWNActive Directory Systems EngineerIT Security and PolicyRoss Enterprise Center3495 Kent Avenue, Suite 100West Lafayette, IN 47906
Question about Performance Monitor Results
- 269 Views
- Last Post 04 November 2015
While there can be a variety of causes, I suggest logging expensive LDAP queries to start. There’s also a nice little summary PowerShell script once you’ve captured some data.