Microsoft's latest security update for Windows Server has caused a disruption for Active Directory users. The update, released in September 2025, introduced a synchronization issue for security groups with more than 10,000 members.
Update Causes Synchronization Issues
The problem arises when applications use the Active Directory directory synchronization (DirSync) control against on-premises Active Directory Domain Services (AD DS), resulting in incomplete synchronization. The issue affects Windows Server 2025 with the September 2025 security update or any subsequent update installed. Microsoft reported the problem in an advisory notice titled "Directory synchronization fails for AD security groups exceeding 10,000 members." The exact number of affected users is currently unknown.
Proposed Workaround from Microsoft
While a permanent fix is in development, Microsoft has offered a workaround involving registry modification. Users can disable the changes made by the recent update by adjusting a specific registry key:

Path: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides
Name: 2362988687
Type: REG_DWORD
Value: 0

Microsoft cautions that editing the registry can lead to serious issues.
Future Fixes and Recommendations
Microsoft has acknowledged the issue in the Known Issues section of the security update and assures users that a comprehensive fix will be delivered soon. Meanwhile, affected customers may use the registry modification as a temporary solution but should be careful to back up their systems to avoid further complications. The company is actively working on resolving this issue to prevent further disruption for Active Directory users.
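
The registry workaround and the backup advice above, as an added PowerShell example (not Microsoft's or this article's own code): it exports the Overrides key before touching it, sets the value, reads it back, and provides a rollback. The registry path, name, type and value come from the article; the function names, the backup directory, the OS caption check and the removal step are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example. Path, value name, type and data are taken from the article;
# function names and the backup location are hypothetical.

$KeyPath    = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides'
$RegExePath = 'HKLM\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides'
$ValueName  = '2362988687'
$BackupDir  = 'C:\RegBackup'   # assumed location, adjust for your environment

function Backup-OverridesKey {
    # Export the key to a timestamped .reg file; returns $null if the key does not exist yet.
    if (-not (Test-Path $KeyPath)) { return $null }
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $file = Join-Path $BackupDir ("Overrides-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
    & reg.exe export $RegExePath $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg export failed with exit code $LASTEXITCODE" }
    return $file
}

function Set-DirSyncWorkaround {
    # Refuse to run on anything other than the release the article names as affected.
    $os = (Get-CimInstance Win32_OperatingSystem).Caption
    if ($os -notmatch 'Windows Server 2025') {
        throw "Not applying: '$os' is not the affected release."
    }
    $backup = Backup-OverridesKey
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 0 -Force | Out-Null

    # Read the value back so a silent failure is caught immediately.
    $actual = (Get-ItemProperty -Path $KeyPath -Name $ValueName).$ValueName
    if ($actual -ne 0) { throw "Verification failed: $ValueName is $actual, expected 0" }
    [pscustomobject]@{ Key = $KeyPath; Name = $ValueName; Value = $actual; Backup = $backup }
}

function Remove-DirSyncWorkaround {
    # Assumption: the override is removed once the permanent fix is installed,
    # since the article describes it as a temporary solution.
    if (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue) {
        Backup-OverridesKey | Out-Null
        Remove-ItemProperty -Path $KeyPath -Name $ValueName
    }
}
```

Call `Set-DirSyncWorkaround` from an elevated session on an affected server and keep the returned backup path with your change record; the article does not say whether a restart is required, so check Microsoft's advisory for that.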