I fought with this for awhile and finally got it working. If you have a 2003 server you have to pass admin credentials, but I didn't when it was 2000. I also had to disable anonymous access to the directory through IIS, though this might just be because of my implementation.
The following is my code for looking up user info by logon (sAMAccountName).
Please feel free to ask any questions. I wrestled with this on and off for a week.
set conn = CreateObject("ADODB.Connection")
conn.provider = "ADSDSOObject"
conn.Properties("User ID") = "domain\login"
conn.Properties("Password") = "password"
conn.Properties("Encrypt Password") = True
conn.open "ADs Provider"
set gui = conn.execute("SELECT distinguishedName, givenName, sn, mail, description, physicalDeliveryOfficeName, telephoneNumber, l, postalCode, st, homePhone, streetAddress, displayName, department FROM 'LDAP://servername' WHERE objectClass='user' AND sAMAccountName='"&logonName&"'")