13.3. Unique Aspects of Provider Functionality

In general, the ActiveDirectoryMembershipProvider's implementation of MembershipProvider properties and methods matches the functionality described in earlier chapters for the Membership API and the SqlMembershipProvider. However, there are some differences in functionality that you should keep in mind so that you are not surprised when you start working with the provider.

Each of the provider's methods is listed here with a description of the directory-specific functionality that occurs in each method.

  • CreateUser: You cannot create users with an explicit value for the providerUserKey parameter. If you attempt to create a new user with a non-null providerUserKey, the provider will throw an exception. If the creation succeeds, the provider returns an instance of ActiveDirectoryMembershipUser; this custom class is discussed further in the next section. If you create a user in AD and the username is mapped to userPrincipalName (UPN), the provider will perform a global catalog (GC) lookup to confirm that the UPN is not already in use elsewhere in the forest. This means that if you use the provider in an extranet environment and you use UPNs for the username, your web servers will require network connectivity to a global catalog server to perform this check. Also, if you use a UPN for the username, the provider will automatically generate a random 20-character value for the sAMAccountName attribute (this will look something like $A31000-2B7QQ9PMDFOG ...
