One of the shortcomings that I see with the SSL VPN is that you can't use <userAttr.scriptPath> for running a logon script for Network Connect.
Has anyone written a VBScript file that does the LDAP bind to pull this variable? You can then execute cscript with the .vbs file that you get back. Our AD infrastructure uses .vbs files for all user logons, and I don't want to try to manually tie script files to user roles, as they may change.
The only way I can see this scaling for a large organization is to have a .bat file (one thing the SSL VPN accepts) that calls a .vbs file that will pull your scriptPath attribute and execute it with another cscript call.
Any other solutions?
Here is a script I did a couple of years ago. Might be what you need.
'* Purpose: Script reads in scriptpath attribute from AD and runs their login script. For Juniper VPN Users.
'*
'* Run it from the .bat file that the SSL VPN launches, e.g.:  cscript //nologo runlogon.vbs
'*
On Error Resume Next
Const ADS_SCOPE_SUBTREE = 2
Set objShell = WScript.CreateObject("WScript.Shell")
Set objNetwork = CreateObject("WScript.Network")
strUser = objNetwork.UserName
WScript.Echo "User: " & strUser
' Query AD through the ADSI OLE DB provider for the logged-on user's scriptPath attribute
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection
' The value in the WHERE clause must be single-quoted in the ADSI SQL dialect;
' unquoted, the query fails for every user
objCommand.CommandText = "SELECT samAccountName,scriptpath,ADsPath FROM " & _
    "'LDAP://dc=hotelgroup,dc=com' " & _
    "WHERE samAccountName = '" & strUser & "'"
objCommand.Properties("SearchScope") = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute
If objRecordSet.RecordCount = 0 Then
    WScript.Echo "User not found."
    WScript.Quit
Else
    objRecordSet.MoveFirst
    Do Until objRecordSet.EOF
        WScript.Echo objRecordSet.Fields("ADsPath").Value
        WScript.Echo "Running login Script: " & objRecordSet.Fields("scriptpath").Value
        strScript = objRecordSet.Fields("scriptpath").Value
        objRecordSet.MoveNext
    Loop
End If
' A user with no logon script has an empty (Null) scriptPath; don't try to run the bare share
If IsNull(strScript) Or strScript = "" Then
    WScript.Echo "No logon script assigned."
    WScript.Quit
End If
' Launch Script: scriptPath is stored relative to the NETLOGON share, so prefix the share
' and quote the result so a space in the path does not split the command line
objShell.Run "%comspec% /c """ & "\\domain\netlogon\" & strScript & """", 1, True
WScript.Echo "End of Script"
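A PowerShell version of the same lookup, added here as an example and not code from the original thread. It does what the VBScript above does (read the logged-on user's scriptPath and run it from NETLOGON), but it escapes the username in the LDAP filter and checks the attribute value before running it: the VBScript pastes scriptPath straight into a cmd /c command line, so whoever can write that attribute, or a malformed value such as a UNC path or a ..\ segment, decides what runs on every VPN client. The share root \\domain\NETLOGON, the function names, and the rule that scriptPath holds a plain path relative to that share are assumptions for the example.

```powershell
# Added example (not from the original thread): PowerShell equivalent of the
# VBScript answer, with the attribute value checked before it is executed.
# Assumed: the share root below, and scriptPath holding a path relative to it.
param(
    [string]$NetlogonRoot = '\\domain\NETLOGON'   # assumption: your domain's NETLOGON share
)

$ErrorActionPreference = 'Stop'

# Escape the characters RFC 4515 reserves in filter values so the username
# cannot change the shape of the LDAP query. Backslash goes first so the
# escape sequences added afterwards are not themselves re-escaped.
function ConvertTo-LdapFilterValue {
    param([string]$Value)
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')
}

# Look up scriptPath for a sAMAccountName in the domain the machine is joined to.
function Get-UserScriptPath {
    param([string]$SamAccountName)
    $root = New-Object System.DirectoryServices.DirectoryEntry   # default naming context
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $escaped = ConvertTo-LdapFilterValue $SamAccountName
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$escaped))"
    [void]$searcher.PropertiesToLoad.Add('scriptPath')
    $result = $searcher.FindOne()
    if ($null -eq $result) { throw "User '$SamAccountName' not found." }
    if (-not $result.Properties.Contains('scriptpath')) { return $null }   # no logon script assigned
    [string]$result.Properties['scriptpath'][0]
}

# scriptPath is stored relative to NETLOGON. Accept only a plain relative path:
# no drive letter, no leading backslash (which would turn it into a UNC path),
# no '.' or '..' segments, no trailing dots or spaces, and a script extension.
function Test-RelativeScriptPath {
    param([string]$ScriptPath)
    if ([string]::IsNullOrWhiteSpace($ScriptPath)) { return $false }
    $segment = '[A-Za-z0-9_\-](?:[A-Za-z0-9_ .\-]*[A-Za-z0-9_\-])?'
    return $ScriptPath -match "^(?:$segment\\)*$segment\.(?:bat|cmd|vbs)$"
}

# Resolve the attribute under the share root and run it; returns the script's exit code.
function Invoke-LogonScript {
    param([string]$ScriptPath, [string]$Root)
    if (-not (Test-RelativeScriptPath $ScriptPath)) {
        throw "Refusing to run scriptPath '$ScriptPath': not a plain relative path under $Root."
    }
    $full = Join-Path $Root $ScriptPath
    if (-not (Test-Path -LiteralPath $full -PathType Leaf)) { throw "Logon script not found: $full" }
    # Pass the path as one quoted argument so a space in it cannot split the command.
    $quoted = '"' + $full + '"'
    if ($full -match '\.vbs$') {
        $proc = Start-Process -FilePath "$env:SystemRoot\System32\cscript.exe" -ArgumentList '//nologo', $quoted -Wait -PassThru -NoNewWindow
    } else {
        $proc = Start-Process -FilePath $env:ComSpec -ArgumentList '/c', $quoted -Wait -PassThru -NoNewWindow
    }
    return $proc.ExitCode
}

$user = [Environment]::UserName
$scriptPath = Get-UserScriptPath -SamAccountName $user
if (-not $scriptPath) {
    Write-Host "No logon script assigned to $user."
    exit 0
}
Write-Host "Running logon script '$scriptPath' for $user"
exit (Invoke-LogonScript -ScriptPath $scriptPath -Root $NetlogonRoot)
```

Call it from the .bat file the SSL VPN runs, e.g. `powershell.exe -NoProfile -File runlogon.ps1`. Test-RelativeScriptPath accepts values like `logon.bat` or `sales\logon.vbs` and rejects `..\evil.bat`, `\\host\share\x.bat` and `C:\x.bat`; widen the extension list if your logon scripts use other types.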