Resolution
fact
Directory and Resource Administrator 7.5
symptom
Error: "The DownlevelLogon name is invalid, it cannot contain more than 20 characters"
symptom
Error received when creating user accounts with a Pre-Windows 2000 logon name (sAMAccountName) that is longer than 20 characters.
cause
The $UserNameLengthPolicy policy is enabled
fix
note
All built-in policies begin with the "$" character.
Directory and Resource Administrator 7.5
symptom
Error: "The DownlevelLogon name is invalid, it cannot contain more than 20 characters"
symptom
Error received when creating user accounts with a Pre-Windows 2000 logon name (sAMAccountName) that is longer than 20 characters.
cause
The $UserNameLengthPolicy policy is enabled
fix
DRA comes with several built-in policies that are enabled by default. The $UserNameLengthPolicy policy ensures that user accounts created with DRA do not have a sAMAccount Name that exceeds 20 characters. The 20 character limitation is necessary to maintain backwards compatibility with NT4 domains. For more information see the "SAM-Account-Name" MSDN article:
http://msdn.microsoft.com/library/en-us/adschema/adschema/a_samaccountname.asp
Although you can disable this policy, this is not recommended.
note
All built-in policies begin with the "$" character.
Additional Information
Formerly known as NETIQKB51480