Error: The DownlevelLogon name is invalid, it cannot contain more than 20 characters (NETIQKB51480)

  • 7751480
  • 02-Feb-2007
  • 19-Jun-2007

Resolution

fact
Directory and Resource Administrator 7.5

symptom
Error: "The DownlevelLogon name is invalid, it cannot contain more than 20 characters"

symptom
Error received when creating user accounts with a Pre-Windows 2000 logon name (sAMAccountName) that is longer than 20 characters.

cause
The $UserNameLengthPolicy policy is enabled

fix

DRA comes with several built-in policies that are enabled by default.  The $UserNameLengthPolicy policy ensures that user accounts created with DRA do not have a sAMAccount Name that exceeds 20 characters.  The 20 character limitation is necessary to maintain backwards compatibility with NT4 domains. For more information see the "SAM-Account-Name" MSDN article:

http://msdn.microsoft.com/library/en-us/adschema/adschema/a_samaccountname.asp

Although you can disable this policy, this is not recommended.



note
All built-in policies begin with the "$" character.

Additional Information

Formerly known as NETIQKB51480

Feedback service temporarily unavailable. For content questions or problems, please contact Support.