Overview 

There are several Active Directory components needed to install Service Based Architecture. We'll need at least one Windows domain user to run the 6 services, and one or two Active Directory Security Groups to further grant permissions.

Step one: Create a service account for the services 

There are five Windows Services and the web site Application Pool that all need identities. Two of the services that you see below are for the Web Client (the Session and Session Central services), the rest are SBA.

It is possible to use just one user, or for better security you can create six individual accounts. The services are shown below.

This user does not need any specific rights, the rights required will be assigned by the install

Step two: Create an active directory group (or two) to use for permissions

Additionally, you'll need to create an Active Directory Security Group to further assign permissions. This will be asked for in the SBA install.

We named ours after the name of the box that the install is on, but any name will do.

After adding the Security Group above, add the new user (SBA Demo User, in our case) to the group.

Configure GP 

Next, go into Dynamics GP and add the user in the usual fashion; then associate the windows user with the GP user in the User Setup as shown below.