FIX: Adding multiple users to Active Directory can cause memory leak when setting passwords

This article was previously published under Q274172
This article has been archived. It is offered "as is" and will no longer be updated.
Adding many users (20,000 and more) through Active Directory Services Interface (ADSI) code may cause the Lsass.exe process to grow rapidly in size, and can result in performance problems on the client computer. A system restart may be needed to restore normal performance and to shrink Lsass.exe.

NOTE: One test found that adding 45,000 users resulted in Lsass.exe growth of 9 megabytes (MB), which is approximately 200 bytes per user.
The way that handles were referenced made it difficult to track for proper release. The fix changes the way that handles are referenced so that they may be released properly.

Note that even after you apply this fix, Lsass.exe will still grow as you add users. But the growth should be slower, a plateau will be reached, and memory will ultimately be recovered.
To resolve this problem, obtain the latest service pack for Windows 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to obtain the latest Windows 2000 service pack
The following files are available for download from the Microsoft Download Center:
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file. The English version of this fix should have the following file attributes or later:
Date        Time     Size      File name     ---------------------------------------------01/09/2001  09:48a   130,320   Adsldpc.dll01/09/2001  10:39a   348,944   Advapi32.dll01/09/2001  10:39a   135,440   Dnsapi.dll01/09/2001  10:39a    90,896   Dnsrslvr.dll01/09/2001  10:40a   512,784   Instlsa5.dll01/09/2001  10:40a   140,048   Kdcsvc.dll11/15/2000  02:37p   207,408   Kerberos.dll12/19/2000  09:13p    69,456   Ksecdd.sys01/09/2001  10:39a   494,864   Lsasrv.dll01/02/2001  08:45a    33,552   Lsass.exe11/13/2000  02:46p   104,464   Msv1_0.dll01/09/2001  10:40a   306,960   Netapi32.dll01/09/2001  10:39a   355,600   Netlogon.dll01/09/2001  10:40a   907,024   Ntdsa.dll01/09/2001  10:39a   378,128   Samsrv.dll01/09/2001  11:30a   753,023   Sp2.cat01/09/2001  09:48a   123,664   Wldap32.dll				
Microsoft has confirmed that this is a bug in the Microsoft products that are listed in the "Applies to" section.

Steps to reproduce the behavior

Run code that uses a loop to add users and set the password by using the IADsUser::SetPassword method.

After 20,000 to 30,000 users have been added, Lsass.exe will have increased in size, and performance will be reduced. Memory consumption by Lsass.exe does not level off, but continues to rise slowly.
leak bloat handle resource AD balloon

Article ID: 274172 - Last Review: 01/10/2015 12:49:17 - Revision: 7.2

  • Microsoft Active Directory Service Interfaces 2.5
  • kbnosurvey kbarchive kbbug kbfix kbgraphxlinkcritical kbwin2000presp2fix KB274172