
Microsoft confirms Active Directory sync failure bug on Windows Server

An Active Directory synchronization failure may be affecting many large customers; Microsoft has a workaround for now.


Patch Tuesday updates often introduce bugs, which is not surprising considering the heterogeneous nature of the hardware and software ecosystem, spanning hundreds of millions of devices. However, sometimes it takes a while for customers to come across issues, or for Microsoft to acknowledge them. One such case has now been spotted on Windows Server 2025 installations.

In an update on its Windows Release Health dashboard, Microsoft has begun tracking an issue with Active Directory (AD). Customers who use Active Directory directory synchronization (also known as DirSync) for on-prem installations of Active Directory Domain Services (AD DS) may face synchronization failures in certain cases. This happens when the size of the AD security group exceeds 10,000 members.

This incomplete synchronization bug was introduced in September's Patch Tuesday updates for Windows Server. This means that anyone who installed KB5065426 or later updates may be affected. Because the bug impacts AD groups with a significant number of members, it would appear that smaller organizations likely aren't affected. That said, this also implies that any disruption could be widespread, since it impacts large customers.

Microsoft doesn't have a concrete resolution yet, but it has asked affected customers to set the following Windows Registry value as a workaround:

  • Path: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides
  • Name: 2362988687
  • Type: REG_DWORD
  • Value: 0

Do note that modifying the Registry value incorrectly may result in irrecoverable damage, so only do so at your own risk. Microsoft does plan to release a more reliable patch in a "future Windows update" but the timeline for that is currently not known. Affected customers will be hoping for a timely fix since synchronization failures in Active Directory can lead to various downstream issues too. In the meantime, IT admins should also refer to the Windows Registry guidance detailed here, before applying Microsoft's workaround.
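The following PowerShell script is an added example, not Microsoft's or this article's own code. It lists security groups above the 10,000-member threshold and then reports, or with `-Apply` writes, the registry value listed above. It assumes the ActiveDirectory (RSAT) module is installed and that group size means direct `member` entries; the `-Threshold` and `-Apply` parameter names are hypothetical.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param(
    [int]$Threshold = 10000,  # group size named in the article
    [switch]$Apply            # hypothetical switch: write the override only when given
)

# Registry values exactly as listed in the workaround above.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides'
$ValueName = '2362988687'
$ValueData = 0

# 1. Exposure check: security groups whose direct membership exceeds the threshold.
#    Assumption: size is counted from the group's own 'member' attribute (no nesting).
#    Reading 'member' for every group is expensive; add -SearchBase in large forests.
Import-Module ActiveDirectory -ErrorAction Stop
$largeGroups = Get-ADGroup -Filter 'GroupCategory -eq "Security"' -Properties member |
    Select-Object Name, DistinguishedName,
        @{ Name = 'MemberCount'; Expression = { $_.member.Count } } |
    Where-Object { $_.MemberCount -gt $Threshold } |
    Sort-Object MemberCount -Descending

if ($largeGroups) {
    $largeGroups | Format-Table Name, MemberCount -AutoSize
} else {
    Write-Host "No security group has more than $Threshold direct members."
}

# 2. Read the current override; $null means the value (or the key) does not exist yet.
$current = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName

# 3. Write the override only on request, only if it differs, and honour -WhatIf.
if ($Apply -and $current -ne $ValueData) {
    if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", "Set REG_DWORD to $ValueData")) {
        if (-not (Test-Path -Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
        New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
            -Value $ValueData -Force | Out-Null
    }
}

# 4. Re-read the value and emit a record suitable for change tracking.
$after = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    LargeGroupCount = @($largeGroups).Count
    ValueBefore     = $current
    ValueAfter      = $after
    WorkaroundSet   = ($after -eq $ValueData)
}
```

Run it without `-Apply` first to see which groups are in scope and what the value currently is; `-Apply -WhatIf` previews the registry write without making it.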
