Not sure why it didn't work, but here is one of my working tests... I changed your code a little to get a specific user and modified the way the ADO query was put together... The only line you will have to change below is $DN=GetUserDN("") if you want to target a specific user, otherwise it will get the currentuser. If this doesn't work for you, I have another piece of code that I worked on this last night, although its not as straight forward as the code below.


 Code:
$ADS_SCOPE_SUBTREE = 2

$objConnection = CreateObject('ADODB.Connection')
$objCommand = CreateObject('ADODB.Command')
$objConnection.Provider = 'ADsDSOObject'
$objConnection.Open('Active Directory Provider')

$objCommand.ActiveConnection = $objConnection

$DN=GetUserDN("")
? $DN
$strBase = "<LDAP://" + $DN +  ">"
$strFilter = "(&(objectCategory=person)(objectClass=user))"
$strAtt="distinguishedName, canonicalName, cn, employeeID, department"

$strQuery = $strBase + ";" + $strFilter + ";" + $strAtt + ";subtree"
$objCommand.CommandText=$strQuery

$objRecordSet = $objCommand.Execute()


$CanonicalName=Join($objRecordSet.Fields("canonicalName").Value)
? $CanonicalName




Function getUserDN(optional $username)
  Dim $objTrans
  if $username=""
    $username=@ldomain + "\"+ @userid
  endif
  if not instr($username,"\")
    $username=@ldomain + "\" + $username
  endif
  $objTrans = CreateObject("NameTranslate")
  if @error
    exit @error
  else
    $objTrans.Init(3, "")
    $objTrans.Set(3,$username)
    $getUserDN = $objTrans.Get(1)
    if @error
      exit @error
    endif
  endif
EndFunction