If you want to use ActiveDirectoryMembershipProvider on your website to manage users, especially the password reset functionality, you will also need to create a few attributes in the Active Directory schema for the "USER" object. You can check this MSDN article to learn more; it does not show how to create the attributes, but it does tell you which attributes are needed if you are considering the "Password Reset" functionality.
First, ActiveDirectoryMembershipProvider does not support retrieving the password, but you can reset the password by providing a secret question and a secret answer. You may also need to create a few more attributes in the Active Directory schema associated with this. Below are those attributes:
These are the 5 new attributes that you need to add to the Active Directory schema for the "USER" object. I will explain how to add new attributes and associate them with an existing object.
Now follow the above steps to create all 5 of the attributes that are needed. After creating these attributes, we need to attach them to the "USER" object.
That's it. Now your user object has all those attributes, and you can store values in them using any method you like. If you create a user with the CreateUserWizard control, it populates and stores the values of the secret question and answer automatically. ActiveDirectoryMembershipProvider takes care of storing and retrieving the values of these attributes itself; you do not need to write any code for them.
However, there may be situations where the users have already been created and you need to attach these attributes to them. Follow the above methods to add the attributes to the user object, then open the particular user's properties in ADSIEDIT.msc and add values to them.
After completing all the steps above, follow the other steps mentioned in this article to configure the web.config sections that map the attributes you've created in AD.
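For orientation, here is an added sketch of such a mapping; it is not taken from the original post or from the MSDN article. The `attributeMap*` settings are the provider's own, while the AD attribute names on the right-hand side (`examplePwdQuestion` and so on), the provider and connection string names, the LDAP path and the lockout numbers are placeholders to replace with your own values.

```xml
<configuration>
  <connectionStrings>
    <!-- Placeholder LDAP path: point this at your own domain and container -->
    <add name="ADConnection"
         connectionString="LDAP://dc.example.com/CN=Users,DC=example,DC=com" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="ADMembership">
      <providers>
        <!-- Version=2.0.0.0 targets .NET 2.0/3.5; use Version=4.0.0.0 on .NET 4.x.
             connectionProtection="Secure" makes the provider refuse an unprotected
             LDAP connection. Password reset needs both enablePasswordReset and
             requiresQuestionAndAnswer set to true.
             Each attributeMap* value is the name of a schema attribute that you
             created and attached to the user class (placeholder names here).
             The last three settings control lockout after repeated wrong
             answers: attempts allowed, the window in minutes, and the lockout
             duration in minutes (constructed sample values). -->
        <add name="ADMembership"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADConnection"
             connectionProtection="Secure"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="true"
             attributeMapPasswordQuestion="examplePwdQuestion"
             attributeMapPasswordAnswer="examplePwdAnswer"
             attributeMapFailedPasswordAnswerCount="exampleFailedAnswerCount"
             attributeMapFailedPasswordAnswerTime="exampleFailedAnswerTime"
             attributeMapFailedPasswordAnswerLockoutTime="exampleAnswerLockoutTime"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10"
             passwordAnswerAttemptLockoutDuration="30" />
      </providers>
    </membership>
  </system.web>
</configuration>
```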
NOTE: Password-answer is the only one of these 5 attributes that is stored in an encrypted format. The `<machineKey>` section is used for this encryption if you create a user with the CreateUserWizard control. But if you have already created the user in AD and just want to store the secret-question and password, you may want to check my next blog post, where I'll explain how to use the same encryption method used by the MembershipProvider to store the secret-password in Active Directory for the user.