Microsoft has acknowledged that the security updates released in September 2025 are causing problems with Active Directory on Windows Server 2025 systems. The acknowledgement comes from an update to the Windows release health dashboard, where the company describes the impact on Active Directory Domain Services (AD DS) synchronization, in particular on Microsoft Entra Connect Sync.
Details of the Issue
The company states that applications which use the Active Directory directory synchronization (DirSync) LDAP control against on-premises AD DS may see incomplete synchronization, most visibly for large security groups with more than 10,000 members. The issue appears after installing the September 2025 Windows security update (KB5065426) or any later cumulative update.
In response to these challenges, Microsoft’s engineering teams are actively working on a resolution. In the interim, they have provided a workaround for IT administrators to implement, aimed at mitigating disruptions in Microsoft Entra Connect Sync.
To avoid the synchronization problem, administrators are advised to add the following registry value as soon as possible (the path is reproduced here with the separators the extraction dropped):
Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides
Name: 2362988687
Type: REG_DWORD
Value: 0
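The following PowerShell script is an added example, not Microsoft's own tooling, that applies the override above and reads it back so the change can be verified and later reverted. It assumes an elevated session on the affected Windows Server 2025 host (the article does not say which hosts need the key; the domain controller is assumed here), a C:\Temp folder for the backup export, and that the change is tested in a lab before production use.

```powershell
#Requires -RunAsAdministrator
# Added example (not Microsoft's script): set the FeatureManagement override
# described in the article and verify it. Assumptions: elevated session,
# C:\Temp exists for the backup, host is the Windows Server 2025 domain controller.

$regPath   = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides'
$regPathRaw = 'HKLM\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides'
$valueName = '2362988687'
$wanted    = 0

# 1. Sanity check: the workaround is only relevant once the September 2025
#    update (KB5065426) or a later cumulative update is installed.
$septUpdate = Get-HotFix -Id 'KB5065426' -ErrorAction SilentlyContinue
if (-not $septUpdate) {
    Write-Warning 'KB5065426 is not listed by Get-HotFix; confirm the installed update level before continuing.'
}

# 2. Back up the Overrides key if it already exists so the edit can be rolled back,
#    otherwise create the key chain (New-Item -Force creates missing parents).
if (Test-Path $regPath) {
    $backup = "C:\Temp\FeatureManagement-Overrides-$(Get-Date -Format 'yyyyMMdd-HHmmss').reg"
    & reg.exe export $regPathRaw $backup /y | Out-Null
    Write-Host "Backup written to $backup"
} else {
    New-Item -Path $regPath -Force | Out-Null
}

# 3. Write the override as REG_DWORD 0; -Force overwrites an existing value.
New-ItemProperty -Path $regPath -Name $valueName -PropertyType DWord -Value $wanted -Force | Out-Null

# 4. Read it back and fail loudly if the value or its type is not what was requested.
$key    = Get-Item -Path $regPath
$actual = $key.GetValue($valueName)
$kind   = $key.GetValueKind($valueName)
if ($actual -ne $wanted -or $kind -ne 'DWord') {
    throw "Override not applied as expected: value=$actual type=$kind"
}
Write-Host "Override $valueName = $actual ($kind) under $regPath"

# When Microsoft ships the permanent fix, remove the override again:
#   Remove-ItemProperty -Path $regPath -Name $valueName
```

Keep the exported .reg file with the change record; once the permanent fix is released the override should be removed so the feature gate returns to Microsoft's default.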
Microsoft adds its usual caution about registry modifications: incorrect changes can cause serious problems that may require reinstalling the operating system, and any registry edit is made at the administrator's own risk. Backing up the key before changing it and testing the override outside production first are the practical ways to honour that warning.
The root cause of the synchronization failure has not been disclosed. A related support document notes that support for Microsoft Entra Cloud Sync on Windows Server 2025 is expected in a future release, so that alternative is not yet available as a way around the problem.
Additional Known Issues
Microsoft is also working on a separate known issue affecting Windows 11 24H2 and Windows Server 2025 devices, in which updates fail to install when launched from a network share using the Windows Update Standalone Installer (WUSA). A full fix has not yet reached all customers, but Microsoft is rolling out automatic mitigations to home and unmanaged business devices through Known Issue Rollback (KIR); managed devices typically need the corresponding KIR Group Policy instead.
Earlier this year Microsoft shipped several out-of-band fixes, including an emergency update in July for a bug that prevented Azure VMs from starting under certain security settings, and an earlier fix for a known issue that caused app or service failures and left Windows Server 2025 domain controllers unreachable after a restart.
Administrators running Windows Server 2025 domain controllers with Entra Connect Sync should watch the release health dashboard for the permanent fix and plan to remove the registry override once it ships.