The following ldapsearch command issued against the Provisioning Repository (i.e. port 20391 but do not make any changes, only searches) will return the Provisioning Users which have Provisioning Role and what those roles are:
ldapsearch -LLL -h IMPS_HOST -p 20391 -D "eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=etadb" -w INSTALL_PWD -b "eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=etadb" -s sub "(&(objectclass=*)(eTRoleDN=*))" eTGlobalUserName eTRoleDN
Provisioning Users do not have Account Templates. Account Templates are linked to Provisioning Roles via inclusion objects. You can get the list of that info with the following ldapsearch command issued against the Provisioning Repository (i.e. port 20391 but do not make any changes, only searches)
ldapsearch -LLL -h IMPS_HOST -p 20391 -D "eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=etadb" -w INSTALL_PWD -b "eTSuperiorClass=eTRole,eTInclusionContainerName=Inclusions,eTNamespaceName=CommonObjects,dc=im,dc=etadb" -s sub "(objectclass=eTInclusionObject)" eTSuperiorClassEntry eTSubordinateClassEntry
The following KB might provide some useful reference information as well:
Explaining Provisioning Server Stored Object Assoc - CA Knowledge