Microsoft is addressing a significant issue impacting Active Directory functionalities for certain Windows Server 2025 systems that have recently installed security updates. This acknowledgment came from the tech giant on Tuesday, shedding light on the challenges faced by users of Active Directory Domain Services (AD DS) synchronization, particularly with Microsoft Entra Connect Sync.
Details of the Active Directory Issue
The problem arises when applications utilizing the Active Directory directory synchronization (DirSync) control for on-premises AD DS encounter incomplete synchronization. This is especially pertinent for large Active Directory security groups that exceed 10,000 members. Microsoft clarified that this issue is specifically linked to Windows Server 2025 following the installation of the September 2025 Windows security update (KB5065426) or any subsequent updates.
To mitigate this disruption, Microsoft has introduced a solution for IT administrators. They can now rectify the bug on managed devices by implementing and configuring the Known Issue Rollback (KIR) Group Policy on affected Windows devices. Detailed instructions for deploying and configuring these KIR group policies are readily available on Microsoft’s support website.
Temporary Solutions for Users
For non-managed business devices and the majority of home users, a temporary fix is available. By adding a specific registry key, users can avoid disruptions in Microsoft Entra Connect Sync. The necessary steps are as follows:
Path: ComputerHKEYLOCALMACHINESYSTEMCurrentControlSetPoliciesMicrosoftFeatureManagementOverrides
Name: 2362988687
Type: REG_DWORD
Value: 0
This adjustment is recommended to be made promptly to ensure continued functionality until the comprehensive fix is rolled out to all customers during next month’s Patch Tuesday.
Additional Updates and Fixes
In addition to the Active Directory issue, Microsoft is actively working on resolving a bug that affects Windows 11 24H2 and Windows Server 2025 devices. This particular bug has been causing failures during Windows updates when using the Windows Update Standalone Installer (WUSA) to install updates from a network share.
On Friday, the company also provided guidance to address smart card authentication issues that have been impacting all Windows 10, Windows 11, and Windows Server releases following the installation of the October 2025 Windows security updates. Furthermore, just a day prior, Microsoft rectified another known issue that disrupted HTTP/2 localhost (127.0.0.1) connections after the installation of recent Windows security updates. They also lifted two compatibility holds that had previously prevented users from upgrading to Windows 11 via Windows Update.
