Your service installation program can suggest a default logon account for a service instance and allow the administrator to select the default account or specify a different one. If the administrator selects a user account (rather than the LocalSystem account), the account must exist before you call the CreateService function to install an instance of the service on a host server. For sample code that creates a new domain user object in Active Directory, see Creating a User.
Ideally, each instance of a service, whether a host-based or replicable service, should have its own domain user account. Using separate accounts for each service instance is more secure than having multiple instances share the same account. Also, using separate accounts makes it possible to audit the activities of each service instance.
So when your installation program suggests a default logon account, it should specify the name of a new account to be created for the new service instance. The account name could be composed from the same elements used to compose a service principal name, such as the service class, host computer, and service name (see Service Principal Names). Typically, you would create the account in the Users container on the domain of the host computer.
You also need to generate a password for each account. For a discussion of how to write a tool that automates the task of updating service account passwords, see Changing the Password on a Service's User Account.