
Sunday, June 03, 2007

"LastLoginDate" is not supported by the Active Directory Membership Provider

To keep track of auditable data like login time, you will need to add code to your login page to store this audit data. The SqlMembershipProvider supports storing the last login time for users; the ActiveDirectoryMembershipProvider does not. The reason for this discrepancy is that the AD provider relies on directory attributes on the user object in AD, and not all user object attributes are replicated across domain controllers. So even though the AD schema for a user object includes an attribute for the last time a user logged in, that value doesn't get replicated. As a result, in any environment running two or more domain controllers, the AD provider can't get an authoritative answer as to when a user last logged in.

If you try to retrieve the last login time from a MembershipUser instance returned by the AD provider you will get an exception instead. We chose to throw an exception rather than having the provider query each domain controller in an attempt to merge the values and determine the correct value. We figured that approach would generate excessive network traffic, and probably wouldn't work in more complex extranets where web servers intentionally aren't allowed access to every domain controller on a network.
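One way to store the login audit data from the login page, as an added example that is not part of the original post: the code-behind below handles the ASP.NET Login control's LoggedIn and LoginError events and writes one row per attempt, going slightly beyond the post by recording failures as well. The control ID `Login1`, the connection string name `AuditDb`, and the `LoginAudit` table and its columns are assumptions.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.UI;

// Code-behind for a page holding (hypothetical control ID):
// <asp:Login ID="Login1" runat="server"
//     OnLoggedIn="Login1_LoggedIn" OnLoginError="Login1_LoginError" />
public partial class LoginPage : Page
{
    protected void Login1_LoggedIn(object sender, EventArgs e)
    {
        RecordLogin(Login1.UserName, true);
    }

    protected void Login1_LoginError(object sender, EventArgs e)
    {
        RecordLogin(Login1.UserName, false);
    }

    private void RecordLogin(string userName, bool succeeded)
    {
        // "AuditDb" and the LoginAudit table are assumed names, not from the post.
        string cs = ConfigurationManager.ConnectionStrings["AuditDb"].ConnectionString;
        const string sql =
            "INSERT INTO LoginAudit (UserName, Succeeded, ClientIp, LoginUtc) " +
            "VALUES (@user, @ok, @ip, @utc)";
        try
        {
            using (SqlConnection conn = new SqlConnection(cs))
            using (SqlCommand cmd = new SqlCommand(sql, conn))
            {
                // Parameters keep user-supplied names out of the SQL text.
                cmd.Parameters.Add("@user", SqlDbType.NVarChar, 256).Value = userName ?? "";
                cmd.Parameters.Add("@ok", SqlDbType.Bit).Value = succeeded;
                cmd.Parameters.Add("@ip", SqlDbType.VarChar, 45).Value = Request.UserHostAddress ?? "";
                cmd.Parameters.Add("@utc", SqlDbType.DateTime).Value = DateTime.UtcNow;
                conn.Open();
                cmd.ExecuteNonQuery();
            }
        }
        catch (SqlException ex)
        {
            // Report audit failures to operators; do not show details to the user.
            System.Diagnostics.Trace.TraceError("Login audit write failed: {0}", ex.Message);
        }
    }
}
```

Because the row is written by the web application rather than read from a directory attribute, the recorded time does not depend on which domain controller handled the bind.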
