Shawn,

I must be totally asleep.

Anyway, please find the script below with comments. Let me know what you think. Are we getting anywhere with WMI/WBEM on this?

As you may notice, I went back to your initial conversion of this.

code:

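BREAK ON
; Provision a per-user home folder on a file server:
;   1. create the folder over the administrative share,
;   2. replace its NTFS DACL (user = Change, Domain Admins / Administrators = Full),
;   3. publish it as a hidden share.
; The ACL is applied BEFORE the share is created so the folder is never reachable
; through the new share while it still carries the permissions inherited from
; d:\users. Share-level permissions are not set anywhere in this script.
; NOTE(review): confirm the default share permissions on the target server are acceptable.
$wshshell = CreateObject("WScript.Shell")
$ofs = CreateObject("Scripting.FileSystemObject")
$sec = CreateObject("ADsSecurity") ; read by ChangeAcls() through the global scope
$textusr = "kdyer" ; userid
$textshare = "server" ; machine
$textsharen = "$textusr$$" ; sharename ("$$" yields a literal "$", i.e. a hidden share)
$usershare = "$textusr" ; userid
; NOTE(review): the "d$\" below relies on a lone "$" staying literal inside a string;
; "$$" is the explicit escape - confirm the expanded path is what you expect.
$usersd = "\\$textshare\d$\users\$textusr" ; Admin path across the WAN
$userdir = "d:\users\$textusr" ; Local path on server
;===
; Create folder
;===
; -- An earlier attempt used $ofs.folderexists / $ofs.createfolder here; the author
; -- reports it did not work, so the native EXIST / MD commands are used instead.
IF NOT exist($usersd)
    ? "Creating folder..."
    ;md "$userdir"
    MD "$usersd"
    IF @ERROR
        ; Nothing to secure or share if the folder is missing - stop instead of
        ; publishing a share that points at a path which does not exist.
        $rc = @ERROR
        ? "Could not create " + $usersd + ": " + @SERROR
        $ofs = 0
        EXIT $rc
    ENDIF
ELSE
    ? "Folder already exits..."
ENDIF

;===
; Set ACLs
;===
$filenm = $usersd
;$filenm = $userdir
; In REPLACE mode every existing ACE is dropped first, so the del(everyone:F)
; entry only documents intent; it matters when the mode is switched to EDIT.
$permspart = "add($textusr:c)+add(domain admins:F)+add(Administrators:F)+del(everyone:F)"
;-- Replace ACL on single file or folder-------
IF $ofs.fileexists($filenm)
    ChangeAcls($filenm, $permspart, "REPLACE", "FILE")
ELSE
    IF $ofs.folderexists($filenm)
        ChangeAcls($filenm, $permspart, "REPLACE", "FOLDER")
    ENDIF
ENDIF

;===
; Create share
;===
$fservobj = GetObject("WinNT://"+ $textshare +"/lanmanserver")
$newshare = $fservobj.create("fileshare",$textsharen)
IF $newshare
    ? "Creating share ..."
    $newshare.path = $userdir
    $newshare.setinfo
    ; setinfo is the call that actually commits the share; report a failure
    ; (for example a share name that is already in use) instead of ignoring it.
    IF @ERROR
        ? "Share was not created: " + @SERROR
    ENDIF
    $newshare = 0
ELSE
    ? "Share already exists..."
ENDIF

; Release the FileSystemObject before leaving (the original placed this after
; EXIT, where it could never run).
$ofs = 0
EXIT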
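FUNCTION ChangeAcls($file,$perms,$redit,$ffolder)
    ; Rewrite the NTFS DACL of $file through the ADsSecurity COM object.
    ;
    ;   $file    - path of the file or folder whose DACL is changed
    ;   $perms   - "+"-separated actions, each add(trustee:right) or del(trustee:right);
    ;              the right letter is interpreted by addace()
    ;   $redit   - "REPLACE": remove every existing ACE before applying $perms
    ;              "EDIT":    remove only the ACEs of each trustee named in $perms
    ;   $ffolder - "FOLDER" adds two ACEs per trustee (inheritance), anything else adds one
    ;
    ; Uses the caller's global $sec (ADsSecurity) object. On exit @ERROR carries the
    ; result of reading or writing the security descriptor, so callers can detect a
    ; DACL that was not applied.
    DIM $rc
    ; -- Let's do some debugging
    ;?$file + " file"
    ;?$perms + " perms"
    ;?$redit + " redit"
    ;?$ffolder + " ffolder"
    ;sleep 2
    ;gets $x
    ;- Edit ACLS of specified file -----
    $ads_acetype_access_allowed = 0
    $ads_acetype_access_denied = 1
    $ads_aceflag_inherit_ace = 2 ; inherited by sub-folders
    $ads_aceflag_sub_new = 9     ; 1 + 8: inherited by files, not applied to the folder itself
    $sd = $sec.getsecuritydescriptor("FILE://$file")
    IF @ERROR
        ; No descriptor means nothing below can work; leave the existing ACL untouched.
        $rc = @ERROR
        ? "Could not read the security descriptor of " + $file + ": " + @SERROR
        EXIT $rc
    ENDIF
    $dacl = $sd.discretionaryacl
    ;===
    ;if flagged Replace then remove all existing aces from dacl first
    ;===
    ; NOTE(review): ACEs are removed while the DACL is being enumerated. Verify on a
    ; test folder that no pre-existing ACE (e.g. Everyone) survives a REPLACE run.
    IF ucase($redit)="REPLACE"
        FOR EACH $existingace IN $dacl
            $dacl.removeace($existingace) ; temp removed - Needed for removal of user(s)
        NEXT
    ENDIF
    ;break up Perms into individual actions
    $cmdarray=split($perms,"+")
    FOR $x=0 TO ubound($cmdarray)
        $tmpvar1=$cmdarray[$x]
        IF ucase(left($tmpvar1,3))="DEL"
            $aclaction="DEL"
        ELSE
            $aclaction="ADD"
        ENDIF
        ; strip the trailing ")" and the leading "add(" / "del(" to leave "trustee:right"
        $tmpcmdvar=left($tmpvar1,len($tmpvar1)-1)
        $tmpcmdvar=right($tmpcmdvar,len($tmpcmdvar)-4)
        $cmdparts=split($tmpcmdvar,":")
        $namevar=$cmdparts[0]
        $rightvar=$cmdparts[1]
        ; if flagged edit, delete ACE;s belonging to user about to add an ace for
        ; The match is on the account name only (text after "\"), so accounts with the
        ; same name in different domains or on the local machine are treated alike.
        IF ucase($redit)="EDIT"
            FOR EACH $existingace IN $dacl
                $trusteevar=$existingace.trustee
                IF instr($trusteevar,"\")
                    $trunamevar=right($trusteevar,len($trusteevar)-instr($trusteevar,"\"))
                ELSE
                    $trunamevar=$trusteevar
                ENDIF
                $uctrunamevar=ucase($trunamevar)
                $ucnamevar=ucase($namevar)
                IF $uctrunamevar=$ucnamevar
                    $dacl.removeace($existingace)
                ENDIF
            NEXT
        ENDIF
        ; if action is to del ace then following clause skips addace
        IF $aclaction="ADD"
            IF ucase($ffolder)="FOLDER"
                ; folders require 2 aces for user (to do with inheritance)
                addace($dacl, $namevar, $rightvar, $ads_acetype_access_allowed, $ads_aceflag_sub_new)
                addace($dacl, $namevar, $rightvar, $ads_acetype_access_allowed, $ads_aceflag_inherit_ace)
            ELSE
                addace($dacl, $namevar, $rightvar, $ads_acetype_access_allowed,0)
            ENDIF
        ENDIF
    NEXT
    FOR EACH $ace IN $dacl
        ; for some reason if ace includes "NT AUTHORITY" then existing ace does not get readded to dacl
        IF instr(ucase($ace.trustee),"NT AUTHORITY\")
            $newtrustee=right($ace.trustee, len($ace.trustee)-instr($ace.trustee, "\"))
            $ace.trustee=$newtrustee
        ENDIF
    NEXT
    ; final sets and cleanup
    $sd.discretionaryacl = $dacl
    $sec.setsecuritydescriptor($sd)
    $rc = @ERROR
    $sd=0
    $dacl=0
    ; $sec is deliberately NOT released here: it is the caller's object, and setting it
    ; to 0 (as the original did) made any second call to ChangeAcls fail.
    EXIT $rc
ENDFUNCTION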
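FUNCTION addace($dacl, $trustee, $maskvar, $acetype, $aceflags)
    ; Build one access control entry and append it to $dacl.
    ;
    ;   $dacl     - DACL object to extend
    ;   $trustee  - account name the ACE applies to
    ;   $maskvar  - right letter: "F" full, "C" change, "R" read (case-insensitive)
    ;   $acetype  - ACE type value (the caller passes 0 = access allowed)
    ;   $aceflags - inheritance flags for the ACE
    ;
    ; An unrecognised right letter adds nothing and exits with @ERROR = 87
    ; (ERROR_INVALID_PARAMETER); the original silently added an ACE with no mask set.
    ;
    ; Generic / standard access rights, decimal form of the hex values listed below.
    ; NOTE(review): 2147483648 (0x80000000) does not fit a signed 32-bit integer;
    ; confirm on the target KiXtart build that "R" and "C" produce the expected ACEs.
    $right_read = 2147483648 ; -- Converted to DEC from HEX - Thanks Shawn!
    $right_execute = 536870912
    $right_write = 1073741824
    $right_delete = 65536
    $right_full = 268435456
    $right_change_perms = 262144
    $right_take_ownership = 524288

    ;$RIGHT_READ = &80000000 ; -- Permissions come out odd, prepend HEX with & page 18 of Kix Manual
    ;$RIGHT_EXECUTE = &20000000
    ;$RIGHT_WRITE = &40000000
    ;$RIGHT_DELETE = &10000
    ;$RIGHT_FULL = &10000000
    ;$RIGHT_CHANGE_PERMS = &40000
    ;$RIGHT_TAKE_OWNERSHIP = &80000

    $ace = CreateObject("AccessControlEntry")
    $ace.trustee = $trustee
    ;?$maskvar + " Maskvar"
    ;sleep 2
    $maskvar = ucase($maskvar)
    SELECT
        CASE $maskvar="F"
            $ace.accessmask = $right_full
        CASE $maskvar="C"
            $ace.accessmask = $right_read + $right_write + $right_execute + $right_delete
        CASE $maskvar="R"
            $ace.accessmask = $right_read + $right_execute
        CASE 1
            ; Unknown right letter: refuse rather than write an ACE whose mask was never set.
            ? "addace: unknown right '" + $maskvar + "' for " + $trustee + " - ACE not added"
            $ace=0
            EXIT 87
    ENDSELECT
    ; -- Author's note: building the masks from the hex constants above combined with
    ; -- "|" instead of "+" produced a "the paramter is incorrect" message:
    ;SELECT
    ;CASE $maskvar="F" $ace.accessmask = $RIGHT_FULL
    ;CASE $maskvar="C" $ace.accessmask = $RIGHT_READ | $RIGHT_WRITE | $RIGHT_EXECUTE | $RIGHT_DELETE
    ;CASE $maskvar="R" $ace.accessmask = $RIGHT_READ | $RIGHT_EXECUTE
    ;ENDSELECT
    $ace.acetype = $acetype
    $ace.aceflags = $aceflags
    $dacl.addace($ace)
    $ace=0
ENDFUNCTION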
FUNCTION Left($expc,$expn)
    ; Return the first $expn characters of $expc.
    ; The value assigned to $left is what the function hands back to its caller.
    DIM $head
    $head = substr($expc, 1, $expn)
    $left = $head
ENDFUNCTION
FUNCTION Right($expc,$expn)
    ; Return the last $expn characters of $expc.
    ; The value assigned to $right is what the function hands back to its caller.
    DIM $start
    $start = len($expc) - $expn + 1 ; 1-based position of the first character to keep
    $right = substr($expc, $start, $expn)
ENDFUNCTION


Thanks!

- Kent
