Thanks for the advice. So it looks like I've got to:
1) Create a linked server to OLE DB Provider for Microsoft Directory Services
2) Find out which Windows Group(s) the user belongs to
3) Determine the superset of server-roles that are applicable to the Windows Groups returned in step 2.
A piece of cake considering my LDAP is very rusty :crazy: