Microsoft fixes Windows Server Active Directory sync issues

Microsoft is rolling out a fix for Active Directory issues affecting some Windows Server 2025 systems after installing security updates released since September. As Redmond explained when it acknowledged it on Tuesday, this known issue affects Active Directory Domain Services (AD DS) synchronization, including Microsoft Entra Connect Sync. "Applications that use the Active Directory directory synchronization (DirSync) control for on-premises Active Directory Domain Services (AD DS), such as when using Microsoft Entra Connect Sync, can result in incomplete synchronization of large AD security groups exceeding 10,000 members," Microsoft said. "This issue occurs only on Windows Server 2025 after installing the September 2025 Windows security update (KB5065426), or later updates." Microsoft now allows IT administrators to fix this bug on managed devices by installing and configuring this Known Issue Rollback Group Policy on impacted Windows devices. Admins can find more information on deploying and configuring KIR group policies on Microsoft's support website. Until next month's Patch Tuesday when the fix will rollout to all customers, the issue can also be resolved on non-managed business devices and for most home users by adding the following registry key as soon as possible to avoid Microsoft Entra Connect Sync disruptions: Path: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides Name: 2362988687 Type: REG_DWORD Value: 0 Microsoft is also working to fix a bug affecting Windows 11 24H2 and Windows Server 2025 devices and causing Windows update failures when using the Windows Update Standalone Installer (WUSA) to install updates from a network share. On Friday, the company also provided guidance on addressing smart card authentication issues impacting all Windows 10, Windows 11, and Windows Server releases after installing the October 2025 Windows security updates. One day earlier, Microsoft fixed another known issue breaking HTTP/2 localhost (127.0.0.1) connections after installing recent Windows security updates and removed two compatibility holds that blocked users from Windows 11 upgrades via Windows Update.