Thanks for the advice. So it looks like I've got to:

1) Create a linked server to OLE DB Provider for Microsoft Directory Services

2) Find out which Windows Group(s) the user belongs to

3) Determine the superset of server-roles that are applicable to the Windows Groups returned in step 2.

A piece of cake considering my LDAP is very rusty :crazy: