Microsoft has confirmed a new synchronization issue affecting Windows Server 2025 after installation of the September 2025 security update (KB5065426). The bug affects Active Directory directory synchronization (DirSync) processes, particularly when dealing with large AD security groups exceeding 10,000 members.
As a reminder, this is the same Patch Tuesday update from last month that broke print and file sharing and triggered DRM/HDCP playback issues.
According to Microsoft's official health dashboard, the problem can lead to incomplete synchronization between on-premises Active Directory Domain Services (AD DS) and the cloud when using tools such as Microsoft Entra Connect Sync. This means organizations relying on hybrid identity setups could face partial or failed group syncs, potentially breaking user access policies or permissions.
The issue is confirmed to affect Windows Server 2025 installations only. Client systems remain unaffected. Until Microsoft releases a permanent fix, affected administrators can use a registry-based workaround to disable the problematic feature change. Microsoft warns users to modify the registry carefully, as incorrect changes could cause system instability.
To apply the workaround, add the following registry key:
Microsoft says it is actively investigating the issue and will provide a resolution in a future Windows update. For now, IT admins managing large enterprise environments should monitor sync activity closely and avoid pushing updates until a patch is confirmed stable.
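To gauge exposure in a given domain, the following PowerShell script (an added example, not from Microsoft or the original article) lists domain controllers reporting Windows Server 2025 and security groups whose direct membership exceeds the 10,000-member threshold. It assumes the ActiveDirectory RSAT module and read access to the domain, and it counts only entries in each group's `member` attribute.

```powershell
# Added example, not from the article or Microsoft.
# Assumes: ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

$Threshold = 10000   # group size named in the article

# Domain controllers whose OS string reports Windows Server 2025,
# the only platform the article lists as affected.
$dc2025 = Get-ADDomainController -Filter * |
    Where-Object { $_.OperatingSystem -like '*Server 2025*' } |
    Select-Object Name, Site, OperatingSystem

# Security groups whose direct membership exceeds the threshold.
# Only entries in the 'member' attribute are counted: nested members and
# primary-group membership are not included.
$largeGroups = Get-ADGroup -Filter "GroupCategory -eq 'Security'" -Properties member |
    ForEach-Object {
        [pscustomobject]@{
            Name              = $_.Name
            DistinguishedName = $_.DistinguishedName
            DirectMembers     = $_.member.Count
        }
    } |
    Where-Object { $_.DirectMembers -gt $Threshold } |
    Sort-Object DirectMembers -Descending

"Windows Server 2025 domain controllers: $(@($dc2025).Count)"
$dc2025 | Format-Table -AutoSize

"Security groups with more than $Threshold direct members: $(@($largeGroups).Count)"
$largeGroups | Format-Table -AutoSize
```

Groups returned here are the ones to compare against their cloud-side membership counts after each sync cycle.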