Microsoft Confirms Active Directory Sync Bug in Windows Server 2025
A recent Windows Server 2025 update is causing Active Directory sync issues, leaving IT admins searching for temporary fixes.
Key Takeaways:
- Microsoft confirms an AD sync bug in Windows Server 2025 after recent updates.
- This issue affects large organizations with extensive Active Directory groups.
- A temporary registry workaround is available until a permanent fix arrives.
Microsoft has confirmed a new bug disrupting Active Directory (AD) synchronization on Windows Server 2025. The problem specifically affects on-premises Active Directory Domain Services (AD DS) environments using DirSync for synchronization.
Active Directory directory synchronization (DirSync) is a tool that was used to replicate user identities, passwords, and other directory data from an on-premises Active Directory environment to Microsoft’s cloud-based services like Microsoft Entra ID (formerly Azure Active Directory). This synchronization allows organizations to maintain a unified identity across both local and cloud systems, which enables users to access resources seamlessly with a single set of credentials.
How does the Active Directory sync bug affect enterprise environments?
Microsoft mentioned that this issue was introduced in the September 2025 Patch Tuesday updates. This means that it affects customers who install the KB5065426 (and later) update on their Windows Server 2025 machines. Microsoft says that this bug primarily affects large organizations with extensive AD group memberships.
“Applications that use the Active Directory directory synchronization (DirSync) control for on-premises Active Directory Domain Services (AD DS), such as when using Microsoft Entra Connect Sync, can result in incomplete synchronization of large AD security groups exceeding 10,000 members. This issue occurs only on Windows Server 2025 after installing the September 2025 Windows security update (KB5065426), or later updates,” Microsoft explained.
Steps IT admins can take to mitigate the impact
Microsoft’s engineers are currently working on a permanent fix that is expected to arrive in a future update, though there is no ETA yet. In the meantime, the company has provided a temporary workaround that involves Windows Registry modification.
Path: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides
Name: 2362988687
Type: REG_DWORD
Value: 0
However, Microsoft has warned that incorrect registry edits can cause irreversible system damage to Windows Server 2025 machines. It’s recommended that IT administrators follow Microsoft’s registry guidance before applying the workaround.
Rabia has a master's degree in Software Engineering and she has years of experience writing professionally about Microsoft products and other technologies. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on t...
