Microsoft Acknowledges Directory Sync Issues with Large AD Security Groups in Windows Server 2025

Microsoft has confirmed a synchronization issue impacting Windows Server 2025, following the September 2025 security update (KB5065426). This bug specifically affects users of Entra Connect who are synchronizing large Active Directory (AD) security groups that exceed 10,000 members.

This issue is connected to the same Patch Tuesday update that previously disrupted file and print sharing functionalities and caused DRM/HDCP playback issues. According to Microsoft’s health dashboard, the problem can result in incomplete synchronization between on-premises Active Directory Domain Services (AD DS) and cloud directories, like Microsoft Entra Connect Sync. Consequently, organizations utilizing hybrid identity setups may experience partial or failed group syncs, jeopardizing user access policies or permissions.

Notably, this issue is limited to installations of Windows Server 2025; client systems are unaffected. In the meantime, Microsoft encourages affected administrators to implement a registry-based workaround to disable the problematic feature. Caution is advised when altering the registry, as improper modifications could lead to system instability.

To apply the workaround, users should add the following registry key:

Path: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides
Name: 2362988687
Type: REG_DWORD
Value: 0
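The following PowerShell script is an added example, not part of Microsoft's guidance or the article; it applies the override above only on a Windows Server 2025 host that actually has KB5065426 installed, records the prior state so the change can be reverted later, and verifies the written value. It assumes it is run in an elevated session on the affected server.

```powershell
#Requires -RunAsAdministrator
# Added example: apply the FeatureManagement override described in the article
# and verify it. Assumes an elevated session on the affected Windows Server 2025 host.
$path  = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides'
$name  = '2362988687'
$value = 0

# Guard: the issue is limited to Windows Server 2025 with the September 2025 update.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
if ($os.Caption -notmatch 'Server 2025') {
    Write-Warning "Not Windows Server 2025 ($($os.Caption)); workaround not applicable."
    return
}
if (-not (Get-HotFix -Id 'KB5065426' -ErrorAction SilentlyContinue)) {
    Write-Warning 'KB5065426 is not installed on this host; the override is not needed.'
    return
}

# Record the current state so the override can be removed once a fix ships.
$existing = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
if ($existing) { "Before: $name = $($existing.$name)" } else { "Before: $name not present" }

# Create the Overrides key if it does not exist, then write the REG_DWORD value.
if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value $value -Force | Out-Null

# Verify both the data and the value type, since a wrong type would be silently ignored.
$item = Get-ItemProperty -Path $path -Name $name
$kind = (Get-Item -Path $path).GetValueKind($name)
if ($item.$name -eq $value -and $kind -eq 'DWord') {
    "Override applied: $path\$name = $value ($kind)"
} else {
    throw "Verification failed: $name = $($item.$name) ($kind)"
}

# To revert after Microsoft releases the fix:
#   Remove-ItemProperty -Path $path -Name $name
```

After applying the override, trigger or wait for the next Entra Connect sync cycle and confirm that the previously incomplete groups now show their full membership in the cloud directory.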

Microsoft is actively investigating the problem and will release a resolution in a future update. Until then, IT administrators managing large enterprise environments should closely monitor synchronization activities and avoid deploying updates until a stable patch is available.

For more information, visit: Microsoft Update Health Dashboard and Entra Connect Sync.
