A Windows Server 2025 update has disrupted DirSync functionality for some on-premises Active Directory Domain Services (AD DS) environments. This issue arose with the September 2025 Patch Tuesday update (KB5065426).
Synchronization Problem Details
The update impacts organizations with large Active Directory (AD) group memberships, particularly those exceeding 10,000 members. It results in incomplete synchronization of large security groups. DirSync, which usually replicates user identities, passwords, and other directory data to cloud identity services, is hindered by this issue.
Temporary Solution
Microsoft is actively working on a permanent fix, though the timeline is still unknown. As an interim measure, the company has provided a registry workaround:
- Path: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides
- Name: 2362988687
- Type: REG_DWORD
- Value: 0
Microsoft cautions that improper registry edits can lead to irreversible system damage. IT administrators should carefully follow official guidance when implementing this workaround.
