Microsoft has confirmed that the September 2025 security updates are causing Active Directory issues on Windows Server 2025 systems.
As the company explains in a Windows release health dashboard update, this known issue affects Active Directory Domain Services (AD DS) synchronization, including Microsoft Entra Connect Sync.
“Applications that use the Active Directory directory synchronization (DirSync) control for on-premises Active Directory Domain Services (AD DS), such as when using Microsoft Entra Connect Sync, can result in incomplete synchronization of large AD security groups exceeding 10,000 members,” Microsoft said.
“This issue occurs only on Windows Server 2025 after installing the September 2025 Windows security update (KB5065426), or later updates.”
Microsoft added that its engineering teams are currently working to resolve these AD sync problems and shared a workaround until a fix is available.
This requires IT administrators to add the following registry key as soon as possible to avoid Microsoft Entra Connect Sync disruptions:
Path: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides
Name: 2362988687
Type: REG_DWORD
Value: 0
However, the company warned that “serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method” and that these problems “might require that you reinstall the operating system.”
Redmond also added that it “cannot guarantee that these problems can be solved” and that admins modify the registry at their own risk.
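The workaround above can be applied idempotently and verified from an elevated PowerShell script. This is an added example, not a Microsoft-provided script; it uses only the path, name, type and value listed above, and it assumes it is saved as a .ps1 file and run on the Windows Server 2025 machine where the workaround is being applied.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param()

# Values published in the workaround quoted in this article.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides'
$ValueName = '2362988687'
$Wanted    = 0

# The issue is reported only for Windows Server 2025; change nothing elsewhere.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
if ($os.Caption -notlike '*Windows Server 2025*') {
    Write-Warning "Not Windows Server 2025 ($($os.Caption)); no change made."
    return
}

# Informational only: the issue also applies to later updates, so a missing
# KB5065426 entry does not prove the server is unaffected.
if (-not (Get-HotFix -Id 'KB5065426' -ErrorAction SilentlyContinue)) {
    Write-Verbose 'KB5065426 not listed; a later update may be installed instead.'
}

# Record the current state so the change is repeatable and auditable.
$current = $null
if (Test-Path -Path $KeyPath) {
    $current = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
}
if ($null -ne $current -and $current -eq $Wanted) {
    Write-Output "Override $ValueName is already $Wanted; nothing to do."
    return
}

if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", "Set REG_DWORD to $Wanted")) {
    # Create the Overrides key (and any missing parents) before writing the value.
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value $Wanted -Force | Out-Null

    # Read the value back and fail loudly if it did not stick.
    $after = (Get-ItemProperty -Path $KeyPath -Name $ValueName).$ValueName
    if ($after -ne $Wanted) { throw "Expected $Wanted but read back '$after'." }
    $previous = if ($null -eq $current) { '<absent>' } else { $current }
    Write-Output "Set $ValueName to $after (previous value: $previous)."
}
```

Running the script with `-WhatIf` reports the intended change without writing to the registry.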
While the company didn’t share what is causing these synchronization issues, a support document detailing the current prerequisites for Microsoft Entra Cloud Sync says that “Windows Server 2025 support for Microsoft Entra Cloud Sync is planned for a future release.”
Microsoft is also working to fix another known issue impacting Windows 11 24H2 and Windows Server 2025 devices that causes Windows update failures when installing updates from a network share using the Windows Update Standalone Installer (WUSA).
While a fix for this bug has not yet been released for all customers, Redmond is mitigating it automatically on home and non-managed business devices via Known Issue Rollback (KIR).
In July, it released an emergency update to fix a bug preventing Azure VMs from launching when Virtualization-Based Security (VBS) is enabled and the Trusted Launch setting is disabled.
One month earlier, it resolved a known issue that triggered app or service failures and caused Windows Server 2025 domain controllers to become unreachable after a restart.