For some reason in my new Server 2012 domain - which has the exact same Group Policy settings etc as my old server 2003 domain, applications can't create user accounts in AD on domain controllers during install.
For example Kaspersky and Sage HR Server during install attempt to create a local user account if on a regular server (this works fine) or a domain user account if on a DC for the Service to run as. It fails to create these user accounts and the service does not start. It only works as a local user account on a non-dc.
I called Sage and they just said 'something'was blocking it, most likely a GPO..