<add name="MembershipADProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString" connectionUsername="xxx.com.cn/adminuser" connectionPassword=""youradminpassword"
enableSearchMethods="true"
requiresQuestionAndAnswer="true"
applicationName="/"
attributeMapUsername = "SAMAccountName"
passwordAttemptWindow = "10"
passwordAnswerAttemptLockoutDuration = "30"
/>
<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
<providers>
<add name="AspNetActiveDirectoryMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" connectionUsername="dotnetinspirations.com/administrator" connectionPassword="youradminpassword"
connectionProtection="Secure"
enablePasswordReset="true"
enableSearchMethods="true"
requiresQuestionAndAnswer="true"
applicationName="/"
description="Default AD connection"
requiresUniqueEmail="false"
clientSearchTimeout="30"
serverSearchTimeout="30"
attributeMapPasswordQuestion="department"
attributeMapPasswordAnswer="division"
attributeMapFailedPasswordAnswerCount="singleIntAttribute"
attributeMapFailedPasswordAnswerTime="singleLargeIntAttribute"
attributeMapFailedPassswordAnswerLockoutTime="singleLargeIntAttribute"
attributeMapEmail = "mail"
attributeMapUsername = "userPrincipalName"
maxInvalidPasswordAttemps = "5"
passwordAttemptWindow = "10"
passwordAnswerAttemptLockoutDuration = "30"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
/>
</providers>
</membership>
http://www.codeplex.com/blogengine/WorkItem/View.aspx?WorkItemId=3102