What should be delegated?
As with the previous question, this is quite hard to answer in isolation. The simplest, easiest, most common and worst thing we can do is to assign Administrator rights. We must rule this approach out completely; it is not even an option. What we must identify is the specific action being performed on the directory. If that action matches the answer to the “To who do I need to delegate?” question, then we have identified a role, and the delegation will follow from that role.
Taking the user provisioning example, this team creates and deletes users within the directory. So a delegation will be created for the identified team, granting the right to ONLY create users.
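
One way to express the "ONLY create users" delegation, followed by a check that the team holds nothing broader. This is an added example, not part of the original text; it assumes the directory is Active Directory with the RSAT ActiveDirectory module available, and the OU and group names are hypothetical.

```powershell
# Assumptions (not from the page): Active Directory, the RSAT ActiveDirectory
# module, and hypothetical names for the OU and the provisioning group.
Import-Module ActiveDirectory

$ouDn      = 'OU=Staff,DC=example,DC=test'   # hypothetical OU
$groupName = 'User-Provisioning'             # hypothetical group
# schemaIDGUID of the "user" object class
$userClass = [guid]'bf967aba-0de6-11d0-a285-00aa003049e2'

$group = Get-ADGroup -Identity $groupName
$sid   = $group.SID

# Allow ACE: create child objects, restricted to the user class,
# on this OU and everything below it. No delete, no write, no full control.
$ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid,
    [System.DirectoryServices.ActiveDirectoryRights]::CreateChild,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $userClass,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)

$acl = Get-Acl -Path "AD:\$ouDn"
$acl.AddAccessRule($ace)
Set-Acl -Path "AD:\$ouDn" -AclObject $acl

# Check: list every explicit ACE the group holds on the OU and flag
# any entry that is broader than "create user objects".
$wanted = [System.DirectoryServices.ActiveDirectoryRights]::CreateChild
(Get-Acl -Path "AD:\$ouDn").GetAccessRules(
        $true, $false, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object { $_.IdentityReference.Value -eq $sid.Value } |
    Select-Object ActiveDirectoryRights, ObjectType, AccessControlType,
        @{ Name = 'Excess'
           Expression = { $_.ActiveDirectoryRights -ne $wanted -or
                          $_.ObjectType -ne $userClass } }
```

Any row with `Excess` set to `True` is a right beyond the identified role and should be reviewed before the delegation is considered complete.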