Dynamic Local User is unable to authenticate if user name is longer that 20 characters

DLU account can not be created if the user name is longer than 20 characters.

The limitation of user name having 20 characters is from windows Operating System itself and nothing to do with ZENworks. 

Please check below link that specify the restriction from Windows Operating System.

http://serverfault.com/questions/105142/windows-server-2008-r2-change-the-maximum-username-length

 

Although it says Win 2008, it is applicable even for Win 7. Also we can try manually creating the user Computer Management ->Local Users and Groups ->Users -> New User.  We cannot enter more than 20 characters for the user name.

 

The following traces shows that although we have passed entire user name ( more than 20 Chars), Windows  fails to create the user name.

 

[DEBUG] [10/12/2015 10:31:14.360] [1276] [ZenworksWindowsService] [50] [Mustermann-TesteMaximilian] [dlu policy] [] [User Account creation failed for : Mustermann-TesteMaximilian, retValue : 2202] [] [] [] [ZENworks Agent]
[DEBUG] [10/12/2015 10:31:14.392] [1276] [ZenworksWindowsService] [50] [Mustermann-TesteMaximilian] [dlu policy] [] [Exception in ApplyPolicies :
Exception Details: User creation fails

 

ZENworks DLU handler internally  uses "NetUserAdd function" to add new user to the computer.

 

https://msdn.microsoft.com/en-us/library/windows/desktop/aa370649%28v=vs.85%29.aspx

 

This method clearly says that account names are limited to 20 chars. (User account names are limited to 20 characters and group names are limited to 256 characters.