when osquery 5.2.2 (installed using the fleet/orbit msi) runs on domain controllers, the LSASS process takes up 100% cpu and remains, until the osqueryd service is stopped couldn't find any known issues on this, has anyone else seen such behaviour?

Do you have the Software Inventory enabled for FleetDM?

yes

great, thanks, disabling the software_inventory fixed it! i'll follow that thread

I would guess it’s going to be something crawling the users table

Yea, Trail of Bits has been working on this problem. It's the number of users on the Domain Controller, that is the challenge. We have a PR here https://github.com/osquery/osquery/pull/7516