I finally got a chance to try replicating this and it turns out the problem was not specific to the Windows version, but rather the way I was testing.
I'll save you the gory details, but in a nutshell the Windows resolver libraries (used by browsers, ping, etc) do get the new DNS server added properly.
However, nslookup, dig, etc have their own resolver code, and do not use the Windows libraries. So it appears that the new DNS server is injected into list used by the Windows libraries, but is not seen by other resolvers.