Well it's looking pretty good, but still is not setting perms. 
I like your code better, a simple conversion from VBS did not cut it.
I hope it was ok to add in some functionality..
code:
BREAK ON
IF 0 = InStr(@kix, "4.") ; Check to see if KIX 4.x is being used
? "Kix 4.00 is required - Sorry."
SLEEP 2
EXIT
ENDIF
$ofs = CreateObject("Scripting.FileSystemObject")
$sec = CreateObject("ADsSecurity")
IF $sec ; Check to see if ADSSECURITY.DLL is registered
; Capture the name of the person you are working with
COLOR g+/n
? "Enter the userid of the person - jdoe"
COLOR w+/n
?
GETS $textusr
IF $textusr = ""
COLOR r+/n
? "No UserID input provided. Stopping script now."
COLOR w+/n
SLEEP 2
EXIT
ENDIF
; Capture the name of the server are you adding the share to
COLOR g+/n
? "Enter the server - server"
COLOR w+/n
?
GETS $textshare
IF $textshare = ""
COLOR r+/n
? "No Server Name input provided. Stopping script now."
COLOR w+/n
SLEEP 2
EXIT
ENDIF
;;$usershare = "$textusr" ;
; Path for user folders
$usershare = "\\" + $textshare + "\d$\users"
;;$userdir = "f:\users\$textusr" ; path
; Now let's create a variable to work with - \\SERVER\users\jdoe
; Directory to save
$userdir = "\\"+ $textshare + "\d$\users\" + $textusr
$usersd = "d:\users\$textusr"
$textsharen = "$textusr$$" ; sharename
;===
; Create folder
;===
IF NOT exist($userdir)
?"Creating folder..."
MD "$userdir"
ELSE
?"Folder already exits..."
ENDIF
;===
; Create share
;===
$fservobj = GetObject("WinNT://$textshare/lanmanserver")
$newshare = $fservobj.create("fileshare",$textsharen)
IF $newshare
?"Creating share ..."
$newshare.path = $usersd
$newshare.setinfo
$newshare=0
ELSE
?"Share already exists..."
ENDIF
;===
; Set ACLs
;===
$filenm = $usersd
$permspart = "add($textusr:c)+add(Administrator:f)+add(Guest:f)"
;-- Replace ACL on single file or folder-------
IF $ofs.fileexists($filenm)
ChangeAcls($filenm, $permspart, "REPLACE", "FILE")
ELSE
IF $ofs.folderexists($filenm)
ChangeAcls($filenm, $permspart, "REPLACE", "FOLDER")
ENDIF
ENDIF
EXIT
$ofs=0
EXIT
FUNCTION ChangeAcls($file,$perms,$redit,$ffolder)
;- Edit ACLS of specified file -----
$ads_acetype_access_allowed = 0
$ads_acetype_access_denied = 1
$ads_aceflag_inherit_ace = 2
$ads_aceflag_sub_new = 9
$sd = $sec.getsecuritydescriptor("FILE://$file")
$dacl = $sd.discretionaryacl
;===
;if flagged Replace then remove all existing aces from dacl first
;===
IF ucase($redit)="REPLACE"
FOR EACH $existingace IN $dacl
; $dacl.removeace($existingace) ; temp removed
NEXT
ENDIF
;break up Perms into individual actions
$cmdarray=split($perms,"+")
FOR $x=0 TO ubound($cmdarray)
$tmpvar1=$cmdarray[$x]
IF ucase(left($tmpvar1,3))="DEL"
$aclaction="DEL"
ELSE
$aclaction="ADD"
ENDIF
$tmpcmdvar=left($tmpvar1,len($tmpvar1)-1)
$tmpcmdvar=right($tmpcmdvar,len($tmpcmdvar)-4)
$cmdparts=split($tmpcmdvar,":")
$namevar=$cmdparts[0]
$rightvar=$cmdparts[1]
; if flagged edit, delete ACE;s belonging to user about to add an ace for
IF ucase($redit)="EDIT"
FOR EACH $existingace IN $dacl
$trusteevar=$existingace.trustee
IF instr($trusteevar,"\")
$trunamevar=right($trusteevar,len($trusteevar)-instr($trusteevar,"\"))
ELSE
$trunamevar=$trusteevar
ENDIF
$uctrunamevar=ucase($trunamevar)
$ucnamevar=ucase($namevar)
IF $uctrunamevar=$ucnamevar
$dacl.removeace($existingace)
ENDIF
NEXT
ENDIF
; if action is to del ace then following clause skips addace
IF $aclaction="ADD"
IF ucase($ffolder)="FOLDER"
; folders require 2 aces for user (to do with inheritance)
addace($dacl, $namevar, $rightvar, $ads_acetype_access_allowed, $ads_aceflag_sub_new)
addace($dacl, $namevar, $rightvar, $ads_acetype_access_allowed, $ads_aceflag_inherit_ace)
ELSE
addace($dacl, $namevar, $rightvar, $ads_acetype_access_allowed,0)
ENDIF
ENDIF
NEXT
FOR EACH $ace IN $dacl
; for some reason if ace includes "NT AUTHORITY" then existing ace does not get readded to dacl
IF instr(ucase($ace.trustee),"NT AUTHORITY\")
$newtrustee=right($ace.trustee, len($ace.trustee)-instr($ace.trustee, "\"))
$ace.trustee=$newtrustee
ENDIF
NEXT
; final sets and cleanup
$sd.discretionaryacl = $dacl
$sec.setsecuritydescriptor($sd)
$sd=0
$dacl=0
$sec=0
ENDFUNCTION
FUNCTION addace($dacl, $trustee, $maskvar, $acetype, $aceflags)
; add ace to the specified dacl
$right_read = &80000000
$right_execute = &20000000
$right_write = &40000000
$right_delete = &10000
$right_full = &10000000
$right_change_perms = &40000
$right_take_ownership = &80000
$ace = CreateObject("AccessControlEntry")
$ace.trustee = $trustee
$maskvar = ucase($maskvar)
SELECT
CASE
$maskvar="F" $ace.accessmask = $right_full
CASE
$maskvar="C" $ace.accessmask = $right_read | $right_write | $right_execute | $right_delete
CASE
$maskvar="R" $ace.accessmask = $right_read | $right_execute
ENDSELECT
$ace.acetype = $acetype
$ace.aceflags = $aceflags
$dacl.addace($ace)
$ace=0
ENDFUNCTION
FUNCTION Left($expc,$expn)
$left=substr($expc,1,$expn)
ENDFUNCTION
FUNCTION Right($expc,$expn)
$right=substr($expc,len($expc)-$expn+1,$expn)
ENDFUNCTION
ELSE
COLOR r+/n
?"ADsSecurity not installed on this machine"
COLOR w+/n
SLEEP 2
EXIT
ENDIF
EXIT
