As part of the provider's implementation, it uses a custom derivation of MembershipUser called ActiveDirectoryMembershipUser. This custom user type serves the following purposes:
It makes the SecurityIdentifier that is the ProviderUserKey property serializable. Because the Membership feature expects MembershipUser instances to be serializable, and the SecurityIdentifier class itself is not serializable, the ActiveDirectoryMembershipUser has some special logic to translate the ProviderUserKey property into a serializable format.
The LastLoginDate and LastActivityDate properties are overridden to throw NotSupportedExceptions from both their getters and setters. This ensures that developers will recognize that user objects returned from AD or ADLDS do not support these property values.
The class implements a constructor that matches the wide constructor overload on the MembershipUser base class. Inside its constructor, the ActiveDirectoryMembershipUser class checks that any non-null value supplied for the providerUserKey parameter is of type System.Security.Principal.SecurityIdentifier.
The custom class overrides the Email, Comment, and IsApproved properties. Inside of the setters the ActiveDirectoryMembershipUser class sets internal flags marking each property value as dirty. This is done as a performance optimization to cut down on the need to update properties on the directory server if their original values ...
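A minimal C# sketch of the pattern this list describes, added here as an illustration and not the framework's own source. The class name `SidKeyedMembershipUser`, the field names, and the choice to pass a null key to the base class are assumptions; it needs a reference to System.Web and a `providerName` that matches a configured membership provider.

```csharp
using System;
using System.Security.Principal;
using System.Web.Security;

// Hypothetical sketch of a SID-keyed MembershipUser; names are illustrative.
// The base constructor rejects a providerName that is not a configured provider.
[Serializable]
public class SidKeyedMembershipUser : MembershipUser
{
    private readonly byte[] _sidBytes;                // serializable form of the SID
    [NonSerialized] private SecurityIdentifier _sid;  // rebuilt on demand after deserialization
    internal bool EmailDirty, CommentDirty, ApprovedDirty;

    public SidKeyedMembershipUser(string providerName, string name, object providerUserKey,
        string email, string passwordQuestion, string comment, bool isApproved,
        bool isLockedOut, DateTime creationDate, DateTime lastLoginDate,
        DateTime lastActivityDate, DateTime lastPasswordChangedDate, DateTime lastLockoutDate)
        // Assumption: the base class gets a null key, so no SecurityIdentifier
        // ends up in the base class's serialized state.
        : base(providerName, name, null, email, passwordQuestion, comment, isApproved,
               isLockedOut, creationDate, lastLoginDate, lastActivityDate,
               lastPasswordChangedDate, lastLockoutDate)
    {
        if (providerUserKey != null)
        {
            _sid = providerUserKey as SecurityIdentifier;
            if (_sid == null)
                throw new ArgumentException("Key must be a SecurityIdentifier.", "providerUserKey");
            _sidBytes = new byte[_sid.BinaryLength];
            _sid.GetBinaryForm(_sidBytes, 0);
        }
        // Values passed to the constructor are the originals, so nothing is dirty yet.
        EmailDirty = CommentDirty = ApprovedDirty = false;
    }

    public override object ProviderUserKey
    {
        get { if (_sid == null && _sidBytes != null) _sid = new SecurityIdentifier(_sidBytes, 0); return _sid; }
    }

    // Setters record which values changed so an update can skip untouched attributes.
    public override string Email { get { return base.Email; } set { base.Email = value; EmailDirty = true; } }
    public override string Comment { get { return base.Comment; } set { base.Comment = value; CommentDirty = true; } }
    public override bool IsApproved { get { return base.IsApproved; } set { base.IsApproved = value; ApprovedDirty = true; } }

    // The directory does not track these values, so both accessors fail loudly.
    public override DateTime LastLoginDate { get { throw new NotSupportedException(); } set { throw new NotSupportedException(); } }
    public override DateTime LastActivityDate { get { throw new NotSupportedException(); } set { throw new NotSupportedException(); } }
}
```

Code that works with users from several membership providers should not read LastLoginDate or LastActivityDate unconditionally, since on a type like this the getter throws rather than returning a default date.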