You must give sufficient privileges to Microsoft Dynamics CRM installation user. The easiest approach is for the installation user (perhaps CRM Admin) to be a member of the Domain Admins group, which is defined in Active Directory Users and Computers.
The best practice is to create a new domain user account for the installation of CRM, instead of using the built-in Administrator account. In this case, give him the minimum amount of privileges which are:
- Ability to create objects within Active Directory OUs that is the target parent OU for installing Microsoft CRM. (i.e. Group policy creator owner. See image below.)
- Local Administrator on the computer where Microsoft Dynamics CRM is being installed.
- SQL Server Administrator Privilege.
- IIS Server Local Administrator Privilege.
