Microsoft has confirmed a known issue affecting Active Directory Domain Services (AD DS) synchronization on Windows Server 2025 systems, caused by the September 2025 security update (KB5065426). The problem results in incomplete synchronization of large AD security groups with over 10,000 members.
The issue affects applications that use the DirSync control for on-premises Active Directory Domain Services. Microsoft is working to resolve this problem and has provided a workaround, which is to add the registry key “2362988687” as soon as possible to avoid disruptions in Microsoft Entra Connect Sync.
However, administrators are warned to modify the registry with caution, as incorrect changes may lead to serious problems that require reinstalling the operating system. The company cannot guarantee a solution to this issue and advises admins to take the risk.
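To gauge exposure before changing anything, an administrator can inventory the security groups that cross the 10,000-member threshold described above. The following PowerShell is an added example, not code from Microsoft or the source article; it assumes the RSAT ActiveDirectory module and read access to the domain, and the helper name `ConvertTo-LdapFilterValue` is hypothetical.

```powershell
# Added example (not Microsoft's code). Assumes the RSAT ActiveDirectory module
# and an account with read access to the domain being checked.
Import-Module ActiveDirectory

$Threshold = 10000   # the known issue concerns groups with over 10,000 members

# Hypothetical helper: escape characters that are special inside an LDAP
# filter value (RFC 4515) so a group DN containing \ * ( ) cannot break
# or alter the search. The backslash is replaced first.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
}

$largeGroups = foreach ($group in Get-ADGroup -Filter 'GroupCategory -eq "Security"') {
    $dn = ConvertTo-LdapFilterValue $group.DistinguishedName

    # Count direct members with a paged search on the memberOf back-link.
    # Get-ADGroupMember is avoided because it fails on groups larger than
    # the default ADWS limit of 5,000 entries.
    # Limits: only objects in the current domain are counted, and members
    # that belong through their primary group are not included.
    $count = (Get-ADObject -LDAPFilter "(memberOf=$dn)" -ResultPageSize 1000 |
        Measure-Object).Count

    if ($count -gt $Threshold) {
        [pscustomobject]@{
            Name              = $group.Name
            DistinguishedName = $group.DistinguishedName
            DirectMembers     = $count
        }
    }
}

# Largest groups first; an empty result means no group exceeds the threshold.
$largeGroups | Sort-Object DirectMembers -Descending | Format-Table -AutoSize
```

The script issues one search per security group, so in a large directory it is best run off-hours or scoped with `-SearchBase`.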
This is not an isolated problem; Microsoft has also been working on another known issue affecting Windows 11 24H2 and Windows Server 2025 devices, which causes update failures when updates are installed from a network share using the Windows Update Standalone Installer (WUSA). A fix for this bug has not yet been released, but Redmond is mitigating it automatically on certain devices via Known Issue Rollback (KIR).
In other news, Microsoft has recently resolved several known issues, including one preventing Azure VMs from launching and another causing Windows Server 2025 domain controllers to become unreachable after a restart.
Source: https://www.bleepingcomputer.com/news/microsoft/microsoft-september-2025-windows-server-updates-cause-active-directory-issues