4.1 Sample Entitlements for the Active Directory Driver

By default, the Active Directory driver includes the entitlements listed below. You can use these entitlements as examples of the types of entitlements you might want to create for other drivers.

  • User Account Entitlement: Grants or revokes an account in Active Directory for the user. When the account is granted, the user is given an enabled logon account. When the account is revoked, the logon account is either disabled or deleted, depending on how the driver is configured.

  • Group Membership Entitlement: Grants or revokes membership in a group in Active Directory. The group must be associated with a group in the Identity Vault. When membership is revoked, the user is removed from the group. The group membership entitlement is not enforced on the Publisher channel; if a user is added to a controlled group in Active Directory by some external tool, the user is not removed by the driver. Further, if the entitlement is removed from the user object instead of being simply revoked, the Active Directory driver takes no action.

  • Exchange Mailbox Entitlement: Grants or revokes an Exchange mailbox for the user in Microsoft Exchange.
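Because the Group Membership Entitlement is not enforced on the Publisher channel, membership of a controlled group can drift from what the Identity Vault has granted. The following audit sketch is an added example, not part of the driver or its documentation. It assumes you have already exported Active Directory group membership and per-user entitlement state into the two dictionaries shown; all names and sample data are constructed.

```python
# Added example: reconcile AD group membership against entitlement state.
# Data structures, names and sample values are constructed for illustration.
from typing import Dict, List, Set, Tuple

GRANTED, REVOKED = "granted", "revoked"

# group -> users currently in the group in Active Directory (constructed sample)
AD_MEMBERS: Dict[str, Set[str]] = {
    "Finance": {"alice", "bob", "mallory"},
    "Engineering": {"carol", "dave"},
}

# (user, group) -> entitlement state in the Identity Vault (constructed sample).
# A missing key means the user object carries no entitlement for that group:
# it was never assigned, or it was removed instead of revoked.
ENTITLEMENTS: Dict[Tuple[str, str], str] = {
    ("alice", "Finance"): GRANTED,
    ("bob", "Finance"): REVOKED,
    ("carol", "Engineering"): GRANTED,
    ("erin", "Engineering"): GRANTED,
}

def audit_group_entitlements(
    ad_members: Dict[str, Set[str]],
    entitlements: Dict[Tuple[str, str], str],
) -> List[Tuple[str, str, str]]:
    """Return (group, user, finding) for every membership/entitlement mismatch."""
    findings = []
    for group in sorted(ad_members):
        for user in sorted(ad_members[group]):
            state = entitlements.get((user, group))
            if state == GRANTED:
                continue
            if state == REVOKED:
                # A revoke removes the user, so a remaining member needs review.
                findings.append((group, user, "revoked-but-still-member"))
            else:
                # Added by an external tool, or the entitlement was removed
                # rather than revoked; the driver acts in neither case.
                findings.append((group, user, "no-entitlement"))
    for (user, group), state in sorted(entitlements.items()):
        if state == GRANTED and user not in ad_members.get(group, set()):
            findings.append((group, user, "granted-but-not-member"))
    return findings

if __name__ == "__main__":
    for finding in audit_group_entitlements(AD_MEMBERS, ENTITLEMENTS):
        print(*finding, sep="\t")
```

Run the audit only over groups that are associated with a group in the Identity Vault, since other groups are outside the entitlement's control.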