We're troubleshooting a high processor utilization issue (>95% sustained) with one of our Windows Server 2008 R2 SP1 domain controllers. Whatever is causing this has occurred at roughly the same time every day for the last week, hits the same DC, and lasts for 30 minutes or so.
We've run the Active Directory Diagnostics Data Collector Set a number of times on the DCs, and the high processor utilization is always attributable to NTDS in the "Translate (Crack) Names" section. Instance = NTDS, Requests / Second = 1,171, CPU% = 52.71, for example. The Offered value for that entry is 4294967288, which corresponds to DS_LIST_NCS (0xfffffff6) for DsCrackNames().
Rapid listing of all naming contexts in the forest may also explain CN=Configuration being at the top of the "Searches with the Most CPU" section at 50% CPU (Requests / Second = 1,171).
NTDSAPI also tops the "Clients with the Most CPU Usage" section at 50% (Requests / Second = 1,181.9). Looks like lots of searches to CN=Configuration for:
(&(rightsGuid=00000000-0000-0000-0000-000000000000)(objectCategory=CN=Control-Access-Right,CN=Schema,CN=Configuration) )
While I have seen the forum posting that references NSPI caching and NTDSAPI, I don't think it's related in my case; we wouldn't see this issue starting at a particular time each day, targeting the same DC, and lasting for the same period of time.
Any ideas on how to further track down the client(s) causing this high CPU utilization?
Thanks,
Mark
- Edited by tomlinsorm Friday, May 08, 2015 2:51 PM fixed formatting