This is based on a reply within support ticket.
Unfortunately this is not directly possible with our authentication. By default only the values the whole provider provides only only username and password and gets roles based on that so you would need to modify source code as the code looks like:
// Validate the user against AD
if (membershipProvider.ValidateUser(username, password))
// Get the roles if the roles are to be imported
string roles = null;
if (!FederationAuthentication && ImportWindowsRoles)
roles = GetUserADRoles(username, roleProvider);
You can try using custom security handler to get other user data from AD and push it into the system:
Or what I had seen more times with other customers is to configure ADImortToolkit to import users and data first time and then to call it on regular bases to Keep AD and Kentico users in synch.