In my application using Windows Authentication, I have been manually creating user roles/membership stored in SQL (System.Web.Security.SqlRoleProvider enabled in web.config).
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="connMembership" applicationName="/" />
But now, as I am releasing the application, I need to change to using the company's Active Directory groups:
<add name="AspNetActiveDirectoryMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADService" attributeMapUsername="sAMAccountName" />
AND
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
I have two questions (sorry, I am really new to all this!)
1) Using ActiveDirectoryMembershipProvider and WindowsTokenRoleProvider now in my web.config, how do I restrict user access to different pages of the app? (i.e. is using Roles.IsUserInRole(username, "ADGroupName") the only way?)
2) How do I create an "admin" kind of role using Active Directory? I am asking because before (when still using SqlRoleProvider) I was able to create for myself an Admin group to add myself to in SQL which has access to all pages/functionalities
i.e. Roles.AddUserToRole(userName, Admin).
But now since I am part of a restricted AD group, I don't know how to override with some form of Admin security group to add myself to.
Would really appreciate your advice!!
Thanks!
This is to answer your question of whether there is another way to put restrictions on page access: yes, you can, from the Web.config.
In the Web.Config file, you may add the following for each page:
Or if you want to put the restriction globally for the website, then:
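An added example, not part of the original answer: one way the per-page and site-wide restrictions described above can be expressed with URL authorization in web.config when WindowsTokenRoleProvider supplies the roles. The domain and group names (CONTOSO\AppUsers, CONTOSO\AppAdmins), the page Reports.aspx and the folder Admin are assumptions for illustration.

```xml
<configuration>
  <system.web>
    <authentication mode="Windows" />

    <!-- WindowsTokenRoleProvider exposes the user's Windows groups as roles,
         named DOMAIN\GroupName. -->
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
      <providers>
        <clear />
        <add name="AspNetWindowsTokenRoleProvider"
             type="System.Web.Security.WindowsTokenRoleProvider"
             applicationName="/" />
      </providers>
    </roleManager>

    <!-- Site-wide rule: only members of the (assumed) AppUsers group get in. -->
    <authorization>
      <allow roles="CONTOSO\AppUsers" />
      <deny users="*" />
    </authorization>
  </system.web>

  <!-- Per-page rule: a single page (assumed name) limited to the admin group. -->
  <location path="Reports.aspx">
    <system.web>
      <authorization>
        <allow roles="CONTOSO\AppAdmins" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- Per-folder rule: everything under /Admin (assumed path) limited to the admin group. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="CONTOSO\AppAdmins" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Rules are evaluated top to bottom and the first match wins, so the trailing deny is what closes access for everyone outside the listed group. WindowsTokenRoleProvider is read-only, so membership in the admin group is managed in Active Directory rather than through Roles.AddUserToRole.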