By default, Sitecore allows only usernames matching the following regular expression: "^\w[\w\s]*$". This means that the username must start with an alphanumerical character followed by any number of symbols that must be alphanumeric characters or whitespaces.
If Sitecore uses external security providers (like AD or CRM providers) that already contain names that do not pass the built-in account name validation, Sitecore may throw errors like the following one when performing security-related operations:
System.Web.HttpRequestValidationException. Message: User name "ad\name.surname" is not valid.
<!-- ACCOUNT NAME VALIDATION
Regular expression for validating account name
<setting name="AccountNameValidation" value="^\w[\w\s]*$"/>
For more information about regular expressions in .NET, please refer to the following article: