Microsoft has identified a severe synchronization issue affecting Windows Server 2025 systems, particularly impacting organizations using Active Directory with large security groups. The problem, confirmed on 2025-10-14, emerged following September 2025 security updates.
Windows Server 2025 Synchronization Issue
The problem arises when using the Active Directory DirSync control for synchronizing large security groups with more than 10,000 members. Organizations employing Microsoft Entra Connect Sync, which links on-premises and cloud directories, are significantly impacted.
The synchronization process for these large groups fails, leaving critical user accounts and permissions potentially unsynchronized. Microsoft is aware that this issue emerged after the September 2025 Windows update KB5065426, and continues to affect systems even after further updates in October.
Mitigation and Guidance
As Microsoft investigates a permanent resolution, it recommends a temporary workaround: creating a new DWORD value named 2362988687, with its data set to 0, under the FeatureManagement Overrides key in HKEY_LOCAL_MACHINE. Microsoft explicitly warns that incorrect registry edits can lead to severe issues and advises that only experienced administrators apply this workaround.
The issue is confined to Windows Server 2025, with earlier systems remaining unaffected. Administrators should assess their synchronization needs before applying the October 2025 updates and may implement the advised workaround if experiencing synchronization failures in Active Directory.
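To assess exposure before deciding on the workaround, an administrator can list the security groups that exceed the 10,000-member threshold and check whether the override value is already set. The following read-only PowerShell script is an added example, not code from Microsoft or from the original article; it assumes the RSAT ActiveDirectory module is installed, the parameter names are hypothetical, and the full path of the Overrides key is left as a placeholder to be filled in from Microsoft's guidance.

```powershell
# Added example: read-only audit. Run it on the Windows Server 2025 domain
# controller (or a host with the RSAT ActiveDirectory module installed).
param(
    # Threshold from the article: groups with more than 10,000 members.
    [int]$Threshold = 10000,
    # Placeholder: full path of the FeatureManagement Overrides key under
    # HKEY_LOCAL_MACHINE, copied from Microsoft's guidance. Empty = skip the check.
    [string]$OverridesKeyPath = ''
)

Import-Module ActiveDirectory -ErrorAction Stop

# Only Windows Server 2025 is affected; show the local OS for context.
$os = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
Write-Host "Local OS: $os"

# Count the direct members of every security group. The 'member' attribute
# does not include users whose primary group is this group (e.g. Domain Users).
$large = Get-ADGroup -Filter "GroupCategory -eq 'Security'" -Properties member |
    ForEach-Object {
        [pscustomobject]@{
            Name              = $_.Name
            DistinguishedName = $_.DistinguishedName
            DirectMembers     = @($_.member).Count
        }
    } |
    Where-Object { $_.DirectMembers -gt $Threshold } |
    Sort-Object DirectMembers -Descending

if ($large) {
    Write-Host "Security groups above $Threshold direct members:"
    $large | Format-Table -AutoSize
} else {
    Write-Host "No security groups exceed $Threshold direct members."
}

# Optional: report whether the workaround value (name 2362988687, data 0) exists.
if ($OverridesKeyPath) {
    $v = Get-ItemProperty -Path "Registry::$OverridesKeyPath" -Name '2362988687' -ErrorAction SilentlyContinue
    if ($null -ne $v) { Write-Host "Override 2362988687 = $($v.'2362988687')" }
    else { Write-Host 'Override 2362988687 is not set.' }
}
```

The script changes nothing; it only reports which groups fall in the affected size range and the current state of the override value.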
Looking Ahead
While a permanent fix is not yet available, Microsoft's acknowledgment opens the path for affected businesses to evaluate their strategies regarding directory services. Administrators are urged to exercise caution and closely follow Microsoft's guidance until a definitive solution is provided.