CRM 4.0 AD Security Groups

When you installed CRM 4.0 then CRM 4.0 installation system creates list of Activity Directory security groups.

Following is the list of security groups that are created as part of CRM 4.0 installed process and their purpose in brief.

PrivUserGroup
The account that the CRMAppPool application pool uses
The account that the ASP.NET process model uses
The user account that runs the Microsoft Dynamics CRM installation
The computer account on which the Microsoft Dynamics CRM-Exchange E-mail Router will be installed

ReportingGroup
All Microsoft Dynamics CRM user accounts (this includes the user who is installing Microsoft Dynamics CRM)

SQLAccessGroup

The account that the CRMAppPool application pool uses
The account that the ASP.NET process model uses

UserGroup
All Microsoft Dynamics CRM user accounts (this includes the user who is installing Microsoft Dynamics CRM)

PrivReportingGroup
The computer account on which the Microsoft Dynamics CRM Data Connector for Microsoft SQL Server Reporting Services will be installed.

Since these above AD Security Groups needs to be create as part of CRM 4.0 Installation MS recommends user who is installing CRM 4.0 should be Active directory administrator. This is recommended but you can get around this requirement as well.

Check out following KB article for the same
http://support.microsoft.com/kb/946677/en-gb

Hope this helps..

Cheers,
MayankP:)