When a user attempts to log on to a system using AD credentials, there are two ways the logon can work. The first option (and the one that we typically use) uses NETBIOS. NETBIOS has some inherent length limitations built into it. For example, although you can name a computer with more than 15 characters, attempting to connect to it over NETBIOS using more than 15 characters will fail. In the same way, usernames with more than 20 characters will also fail when using NETBIOS. (You would need to shorten what is typed in so that it is 20 characters or fewer.)
A second method to log on is using the UPN (User Principal Name). This is typically in the format of an email address and uses DNS instead of NETBIOS. When looking in Active Directory Users and Computers (ADUC), you will see that the NETBIOS name is referred to as pre-Windows 2000. The UPN is shown as just the User logon name. The UPN method does not have a limitation on how long the username can be.
How do I log on with the different methods?
We are all familiar with the logon screen for Windows XP and prior NT-based operating systems (this changes, of course, for Vista).
Typically, we have the Log on to box that allows us to choose which domain we are going to be using for our logon.
When using a UPN logon, though, this screen changes. As soon as you add an “@” to your username, the Log on to box is automatically darkened and its options become unavailable. Windows now uses your full UPN to determine which domain you are logging on to. Typically, this is going to be the fully qualified DNS name for your domain (although your enterprise admin can add additional UPN prefixes). Now, using your UPN, you can log on with a username that is longer than 20 characters.
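The rules described above can be checked ahead of time, for example when planning account or computer names. The following is an added example, not code from the original article or from Windows: it treats an "@" as the switch to UPN logon and applies the 15 and 20 character NETBIOS limits stated above. The function names, the DOMAIN\user input form and the sample names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Limits as stated in the article above.
NETBIOS_COMPUTER_MAX = 15
NETBIOS_USER_MAX = 20

@dataclass
class LogonCheck:
    style: str             # "upn" or "netbios"
    user: str
    domain: Optional[str]  # None when the Log on to box supplies the domain
    ok: bool
    reason: str

def check_logon_name(typed: str) -> LogonCheck:
    """Classify what a user typed and apply the article's length limits."""
    typed = typed.strip()
    if "@" in typed:
        # An "@" switches the logon to UPN; the domain comes from the UPN itself.
        user, _, domain = typed.rpartition("@")
        if not user or not domain:
            return LogonCheck("upn", user, domain or None, False, "incomplete UPN")
        return LogonCheck("upn", user, domain, True, "no UPN length limit applies")
    # Otherwise it is a NETBIOS-style name, optionally written DOMAIN\user.
    domain, sep, user = typed.rpartition("\\")
    domain = domain if sep else None
    if not user:
        return LogonCheck("netbios", user, domain, False, "empty username")
    if len(user) > NETBIOS_USER_MAX:
        over = len(user) - NETBIOS_USER_MAX
        return LogonCheck("netbios", user, domain, False,
                          f"{over} character(s) over the {NETBIOS_USER_MAX} limit")
    return LogonCheck("netbios", user, domain, True, "within NETBIOS limit")

def check_computer_name(name: str) -> bool:
    """True if the name is short enough for a NETBIOS connection."""
    return 0 < len(name) <= NETBIOS_COMPUTER_MAX

# Constructed sample input (names and domains are made up).
SAMPLES = ["EXAMPLE\\jsmith", "bartholomew.featherstonehaugh",
           "bartholomew.featherstonehaugh@example.test"]

if __name__ == "__main__":
    for s in SAMPLES:
        r = check_logon_name(s)
        print(f"{s!r}: {r.style}, ok={r.ok} ({r.reason})")
```
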