UCS 2.1 addresses this particular issue. Bug ID: CSCth96721
Found an interesting UCS bug on 2.0(3b). May be resolved in 2.0(4d), but have not tested yet. This particular problem only manifests itself if your Active Directory tree structure is elaborate and causes a user account's distinguishedName to be longer than 128 characters.
Essentially UCS queries Active Directory w/ samAccountFilter, it receives the results of the query. It then makes a bind call against the DN using the results it received. The problem is the DN bind call variable on the UCS side seems to be limited to 128 characters which it then truncates the information when it makes the bind call.
The only real workaround is to move the affected account to another a higher level OU to shorten it's distinguished name.
You can use powershell to determine the length of your distinguished name by utilizing the Quest ActiveRoles PS snapin.