Hello,
We have an issue (possibly specific to a GPO in our environment) that causes issues with the dnsapi.dll library in build 2004. The behavior that happens after a domain join computer is freshly imaged with 2004 or is updated from a previous version is that if there is any network connectivity, lsass.exe will spike all cores to 100% CPU usage while trying to call dnsapi.dll and it will use multiple threads to attempt to execute. I was able to determine this using Process Explorer for sysinternals. This is platform independent and happens on both our Dell's and Lenovo's. If any network device is connected, this will result in a forever spinning login screen. If the network devices are disabled and the user profile is logged into, then a network device (wifi/ethernet) is connected, services with privilege escalations will fail due to the high CPU usage. If network devices are then disconnected, then after a few minutes cores free up CPU.
As a partial fix, I have replaced both 32 and 64 bit dnsapi.dll's with a version from Windows 10 build 1903 and the issue with lsass goes away and I'm able to log in and have no issues with high CPU usage or privilege escalations. The side affect of an older dnsapi.dll is that I'm unable to browse network shares and receive the following error in event viewer: "The DNS Client service terminated with the following error: The specified procedure could not be found".
The unfortunate thing is I'm unable to get a Microsoft resource because our org is under 500 people and our licensing partner can not even get a resource assigned to investigate the issue. If we are having this issue in our environment, I'm sure others are running into this as well.
CU KB 4565503 from the July 13 update does not fix the issue.

