
Microsoft has confirmed that the September 2025 security updates are causing Active Directory issues on Windows Server 2025 systems.
As the company explains in a Windows Release Health Dashboard update, this known issue affects Active Directory Domain Services (AD DS) synchronization, including Microsoft Entra Connect Sync.
“Applications that use Active Directory directory synchronization (dsync) controls for on-premises Active Directory Domain Services (AD DS), such as when using Microsoft Entra Connect sync, may result in incomplete synchronization of large AD security groups greater than 10,000 members,” Microsoft said.
“This issue only occurs on Windows Server 2025 after you install the September 2025 Windows Security Update (KB5065426), or later updates.”
Microsoft said that its engineering teams are currently working to resolve these AD Sync issues and have shared workarounds until a solution is available.
The workaround requires IT administrators to add the following registry key as soon as possible to avoid Microsoft Entra Connect sync disruptions:
Path: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides
Name: 2362988687
Type: REG_DWORD
Value: 0
However, the company warned that “serious problems may occur if you incorrectly modify the registry by using the registry editor or by using any other method” and that these problems “may require you to reinstall the operating system.”
Redmond also said that it “cannot guarantee that these problems can be resolved” and that administrators modify the registry at their own risk.
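The registry workaround above can be applied idempotently from an elevated PowerShell session. This is an added example, not a script published by Microsoft or the article's author; the function name `Set-DirSyncWorkaround` is hypothetical, and the path, value name, type and data are the ones quoted above.

```powershell
#Requires -RunAsAdministrator
# Added example: registry values are those quoted in the article; the function name is hypothetical.
function Set-DirSyncWorkaround {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    $path = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides'
    $name = '2362988687'
    $want = 0

    # The issue is reported only for Windows Server 2025, so leave other systems untouched.
    $caption = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
    if ($caption -notlike '*Windows Server 2025*') {
        Write-Warning "Skipping: '$caption' is not Windows Server 2025."
        return
    }

    # Create the key only if it is missing: New-Item -Force on an existing key would clear its values.
    if (-not (Test-Path -Path $path)) {
        if ($PSCmdlet.ShouldProcess($path, 'Create registry key')) {
            New-Item -Path $path -Force | Out-Null
        }
    }

    # Read the current data and type so an already-correct value is not rewritten.
    $key     = Get-Item -Path $path -ErrorAction SilentlyContinue
    $current = if ($key) { $key.GetValue($name, $null) } else { $null }
    $kind    = if ($null -ne $current) { $key.GetValueKind($name) } else { $null }
    if ($current -eq $want -and $kind -eq 'DWord') {
        Write-Output "Already set: $name = $want (REG_DWORD)"
        return
    }

    if ($PSCmdlet.ShouldProcess("$path\$name", "Set REG_DWORD to $want")) {
        New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value $want -Force | Out-Null
        # Read the value back and fail loudly if the write did not take effect.
        $check = (Get-Item -Path $path).GetValue($name, $null)
        if ($check -ne $want) { throw "Verification failed for $path\$name" }
        Write-Output "Set: $name = $want (REG_DWORD); previous data was '$current'"
    }
}

Set-DirSyncWorkaround -WhatIf   # preview only; rerun without -WhatIf to apply
```

Running with `-WhatIf` first shows which key and value would be written without touching the registry.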
Although the company did not share what causes these sync issues, a support document details the current requirements for Microsoft Entra Cloud Sync. It states that “Windows Server 2025 support for Microsoft Entra Cloud Sync is planned for a future release.”
Microsoft is also working to fix another known issue affecting Windows 11 24H2 and Windows Server 2025 devices that causes Windows Update failures when installing updates from a network share using the Windows Update Standalone Installer (WUSA).
Although a fix for this bug has not yet been released to all customers, Redmond is automatically mitigating it on home and non-managed business devices through Known Issue Rollback (KIR).
In July, it released an emergency update to fix a bug that prevented Azure VMs from launching when virtualization-based security (VBS) was enabled and the trusted launch setting was disabled.
A month ago, it addressed a known issue that could cause an app or service to fail and Windows Server 2025 domain controllers to become inaccessible after a restart.


