Windows Server 2025: Bug in DC with schema master role confirmed

There is a bug that causes problems when Windows Server 2025 is used as a domain controller (DC) that also holds the schema master role. In mid-August 2025, I reported that the bug leads to duplicate entries. Microsoft has now confirmed the bug, and the conditions under which it occurs, in a Tech Community post.

Note on a bug in the schema master

A German blog reader who wished to remain anonymous pointed out a bug in Windows Server 2025 that occurs when using a schema master role on domain controllers. If an administrator running Windows Server 2025 as a domain controller (DC) also runs the schema master (FSMO), this bug can cause serious problems.

The bug causes the schema master to generate duplicate entries in the schema under certain circumstances. This causes Active Directory (AD) replication with other DCs to fail, resulting in a schema mismatch error.

At the time, I published a blog post titled Windows Server 2025: Bug in the schema master role of the DC with a description of the problem, and I knew from my sources that Microsoft was already investigating the issue internally. I learned from the post Active Directory replication issue after installing new Exchange server, dated August 2, 2025, in the Spiceworks Community that this was not an isolated case. The two linked posts contain further information.

Microsoft confirms bug in Schema Master

In this comment, German blog reader Tom pointed out that Microsoft had officially confirmed the problem (thanks for that) – but I hadn't had time to mention it here in the blog yet. I also came across the topic in the following tweet on X.

Windows Server 2025: Bug in Schema Master Role

On October 9, 2025, Microsoft employee Nino Bilic published a Tech Community post titled Active Directory schema extension issue if you use a Windows Server 2025 schema master role, which sheds more light on the matter. The problem occurs when:

  • a Windows Server 2025 acts as a domain controller and the schema master role (FSMO) is enabled,
  • and Microsoft Exchange Server (on-premises) is installed, with one of the current Exchange Server CUs (cumulative updates), such as Exchange 2019 CU15 or Exchange SE RTM, installed on Windows Server 2025.
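The two conditions above can be checked from an admin workstation before an Exchange CU or schema preparation touches the forest. The following PowerShell is an added example, not code from the blog post or from Microsoft's Tech Community post; it assumes the RSAT ActiveDirectory module, a domain-joined account with read access to the forest, and that the presence of the ms-Exch-Schema-Version-Pt schema attribute is a sufficient indicator that Exchange has extended the schema.

```powershell
# Added example (not from the blog post or Microsoft): reports whether this forest
# matches the advisory's condition, i.e. the schema master FSMO role is held by a
# Windows Server 2025 DC and Exchange has extended the schema.
Import-Module ActiveDirectory

function Test-SchemaMasterAdvisoryCondition {
    [CmdletBinding()]
    param()

    $forest   = Get-ADForest
    $fsmoHost = $forest.SchemaMaster                      # FQDN of the schema master DC
    $dc       = Get-ADDomainController -Identity $fsmoHost
    $schemaNC = (Get-ADRootDSE).schemaNamingContext

    # OperatingSystem is the display name, e.g. "Windows Server 2025 Datacenter"
    $isServer2025 = $dc.OperatingSystem -match 'Windows Server 2025'

    # Assumption: the Exchange schema extension is present when this attribute exists;
    # its rangeUpper carries the Exchange schema version, which we only report.
    $exchAttr = Get-ADObject -SearchBase $schemaNC -LDAPFilter '(cn=ms-Exch-Schema-Version-Pt)' `
                             -Properties rangeUpper -ErrorAction SilentlyContinue
    $exchangeSchemaPresent = $null -ne $exchAttr

    [pscustomobject]@{
        SchemaMaster          = $fsmoHost
        OperatingSystem       = $dc.OperatingSystem
        OperatingSystemVer    = $dc.OperatingSystemVersion
        ADSchemaObjectVersion = (Get-ADObject $schemaNC -Properties objectVersion).objectVersion
        ExchangeSchemaPresent = $exchangeSchemaPresent
        ExchangeSchemaRange   = if ($exchangeSchemaPresent) { $exchAttr.rangeUpper } else { $null }
        MatchesAdvisory       = ($isServer2025 -and $exchangeSchemaPresent)
    }
}

$result = Test-SchemaMasterAdvisoryCondition
$result | Format-List

if ($result.MatchesAdvisory) {
    Write-Warning "Schema master '$($result.SchemaMaster)' runs $($result.OperatingSystem) and the Exchange schema extension is present."
    Write-Warning "Consider moving the schema master role to a DC on an earlier Windows Server version before the next Exchange CU or /PrepareSchema run."
}
```

If the check reports a match, the role can be transferred with the standard cmdlet `Move-ADDirectoryServerOperationMasterRole -Identity <target DC> -OperationMasterRole SchemaMaster`, which is the practical form of Microsoft's suggestion not to place the schema master on a Windows Server 2025 DC in an Exchange forest.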

This can affect replication in the local Active Directory environment. The schema master FSMO role holder running Windows Server 2025 then creates duplicate schema attribute values. In this case, AD replication fails and the following events appear in the event log:

Error 8418: The replication operation failed because of a schema mismatch between the servers involved.

Warning 1203 (NTDS Replication): The local domain controller could not replicate the following object from the source domain controller at the following network address because of an Active Directory schema mismatch.

Tools such as repadmin /showrepl also show the AD replication failures. Since environments in which Windows Server 2025 is used as a domain controller with other roles are not affected, Microsoft suggests a simple workaround: do not place the schema master role on a Windows Server 2025 DC if on-premises Exchange Server is installed.
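To find out whether a forest is already showing the symptoms described above, the failure status from repadmin, the 1203 warnings on each DC, and the duplicated schema entries themselves can all be collected from one script. The PowerShell below is an added example and not part of the blog post or of Microsoft's support process; it assumes the RSAT ActiveDirectory module and repadmin.exe on the workstation, read access to the Directory Service event log on every DC, and it treats any repeated lDAPDisplayName, attributeID, schemaIDGUID, mAPIID or linkID among attributeSchema objects as a duplicate (a healthy schema has none).

```powershell
# Added example (not from the blog post or Microsoft): looks for the symptoms the
# post describes. 8418 and 1203 are the values quoted in the post; the duplicate
# check is a generic uniqueness check over the schema partition.
Import-Module ActiveDirectory

# 1. Replication links whose last failure is the 8418 schema-mismatch status
function Get-SchemaMismatchReplicationFailures {
    param([string]$Target = '*')   # '*' = every DC repadmin can reach
    $rows = repadmin /showrepl $Target /csv | ConvertFrom-Csv
    $rows | Where-Object {
        (($_.'Number of Failures' -as [int]) -gt 0) -and ($_.'Last Failure Status' -match '8418')
    } | Select-Object 'Destination DSA', 'Source DSA', 'Naming Context',
                      'Number of Failures', 'Last Failure Time', 'Last Failure Status'
}

# 2. Warning 1203 (NTDS Replication) in each DC's Directory Service log, last N days
function Get-SchemaMismatchEvents {
    param([int]$Days = 7)
    $since = (Get-Date).AddDays(-$Days)
    $dcs = (Get-ADForest).Domains | ForEach-Object { Get-ADDomainController -Filter * -Server $_ }
    foreach ($dc in $dcs) {
        try {
            Get-WinEvent -ComputerName $dc.HostName -ErrorAction Stop -FilterHashtable @{
                LogName = 'Directory Service'; Id = 1203; StartTime = $since
            } | Where-Object { $_.Message -match 'schema mismatch' } |
              Select-Object @{ n = 'DC'; e = { $dc.HostName } }, TimeCreated, Id, Message
        } catch {
            # Get-WinEvent throws when nothing matches; only report real errors (RPC, access)
            if ($_.Exception.Message -notmatch 'No events were found') {
                Write-Warning "$($dc.HostName): $($_.Exception.Message)"
            }
        }
    }
}

# 3. Duplicate identifiers among attributeSchema objects in the schema partition
function Get-DuplicateSchemaAttributes {
    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    $attrs = Get-ADObject -SearchBase $schemaNC -LDAPFilter '(objectClass=attributeSchema)' `
                          -Properties lDAPDisplayName, attributeID, schemaIDGUID, mAPIID, linkID
    # Normalise once: schemaIDGUID is stored as a byte array, compare it as a GUID string
    $rows = foreach ($a in $attrs) {
        [pscustomobject]@{
            DN              = $a.DistinguishedName
            lDAPDisplayName = $a.lDAPDisplayName
            attributeID     = $a.attributeID
            schemaIDGUID    = if ($a.schemaIDGUID) { ([guid]::new([byte[]]$a.schemaIDGUID)).ToString() } else { $null }
            mAPIID          = $a.mAPIID
            linkID          = $a.linkID
        }
    }
    foreach ($key in 'lDAPDisplayName', 'attributeID', 'schemaIDGUID', 'mAPIID', 'linkID') {
        $rows | Where-Object { $null -ne $_.$key } |
          Group-Object -Property $key | Where-Object { $_.Count -gt 1 } |
          ForEach-Object {
              [pscustomobject]@{
                  Key     = $key
                  Value   = $_.Name
                  Count   = $_.Count
                  Objects = ($_.Group.DN -join '; ')
              }
          }
    }
}

'--- repadmin: links failing with 8418 ---'
Get-SchemaMismatchReplicationFailures | Format-Table -AutoSize
'--- Directory Service log: event 1203 with schema mismatch ---'
Get-SchemaMismatchEvents -Days 7 | Format-Table -AutoSize
'--- schema partition: duplicated attribute identifiers ---'
Get-DuplicateSchemaAttributes | Format-Table -AutoSize
```

Output from the third function is exactly the material to attach to the support ticket the post mentions: it names the duplicated objects by distinguished name, so the support engineer can see what the Windows Server 2025 schema master produced, and the script itself changes nothing in the directory.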

The Windows Server team is working on a permanent solution to this problem (scheduled for release in the coming months). For those already affected by this issue, the Windows support team offers a process that allows AD replication to continue. However, this may require manual intervention (editing the schema). Those affected should open a support ticket with the Windows Active Directory team to obtain the solution.
