Firstly, ActiveDirectoryMembershipProvider does not support retrieving the password, but you can reset the password by providing secret-question, and secret-answer. You may also need to create few more attributes in the active directory schema associated with this. Below are those attributes:

1.      Password Question - Unicode String

2.      Password Answer - Unicode String

3.      Failed Answer count - Integer

4.      Last time at which the user supplied an invalid answer - Large Integer/Interval

5.      Account locked out time - Large Integer/Interval

These are the 5 new attributes which you need to add in the active directory schema for the "USER" object. I will explain how to add new attributes and associate them to an existing object.

1.      You need to first install the schema snap-in by registering schmmgmt.dll (regsvr32 schmmgmt.dll)

2.      Now, open an MMC, and add "Active Directory Schema" snap-in

3.      Expand the Active Directory Schema, and right click on Attribute, and select "Create Attribute"

4.      Enter the common name, LDAP name, other fields for the attribute you are creating. For example, "PasswordQuestion" - this would be having its type as Unicode String. See the above list of attributes and its types appropriately. If Integer, enter minimum/maximum values too.

5.      For the OID, you need to check this MSDN article.

Now follow the above steps to create all the 5 attributes which are needed. After creating these attributes, we need to attach them to the "USER" object.

1.      In the same MMC, Expand "CLASSES" and select user object.

2.      Right click on user and select properties

3.      Go to its attributes tab, and click Add

4.      Select the attributes that you've created one by one and click on OK

That's it. Now, your user object would have all those attributes, and you can store values using any method you like. If you create an user using CreateUser wizard control, it would populate and store the values of the secret-question, answer automatically. ActiveDirectoryMembershipProvider would take care of storing, retrieving values of these attributes itself, you no need to program anything for them.

But, there would be some situation the users have been already created, but you need to attach these attributes to them. Follow the above methods to add attributes to the user object. And, now open the particular user's properties in ADSIEDIT.msc, and add values to them.

After following all the above steps, follow the other steps mentioned in this article to configure your web.config sections to map the attributes you've created in AD.