ps/Modules/Alkami.PowerShell.Services/Public/New-AppTierWindowsServices.ps1

function New-AppTierWindowsServices {
<#
.SYNOPSIS
    Used to configure Windows services for Install\-ORBAppServer
#>
    [CmdletBinding()]
    Param()

    $logLead = (Get-LogLeadName)

    $servicesToInstall = (Get-AppTierServices)

    foreach ($service in $servicesToInstall) {
        # The service object has properties:
        # @{ FolderName; AssemblyInfo; Name; User; Password; IsGMSAAccount; Binary; }
        # They are used as such:
        # Install-AlkamiService uses AssemblyInfo, Name, User
        # Set-WindowsServiceExecutionAccount uses Name, User, Password, IsGMSAAccount
        # Binary is unused, it is legacy. It's useful, just not for this, due to the way Install-AlkamiService works

        $serviceName = $service.Name
        $serviceFolder = (Join-Path (Get-OrbPath) $service.FolderName) # The highly legacy service applications run from ORB proper
        $assemblyInfo = $service.AssemblyInfo
        $user = $service.User
        $password = $service.Password
        $IsGMSA = $service.IsGMSAAccount

        try {
            Write-Host "$logLead : Beginning install of legacy service [$serviceName]."

            $splat = @{
                Path = $serviceFolder
                AssemblyInfo = $assemblyInfo
                # ex: "Alkami Nag Service" - Should get set on the service at create or update time
                DisplayName = $serviceName
                # SRE-17892 - all two of the default Alkami Windows Services require database access
                IsDatabaseAccessRequired = $true
                StartOnInstall = $false
            }

            # Install-AlkamiService is self-healing
            Install-AlkamiService @splat

            Write-Host "$logLead : Service installed, updating service execution account for [$serviceName]"

            # Set-WindowsServiceExecutionAccount is self-healing
            Set-WindowsServiceExecutionAccount -ServiceName $serviceName -ServiceUser $user -ServicePassword $password -IsGMSAAccount:$IsGMSA

            Write-Host "$logLead : Service [$serviceName] appears to finish installing correctly."
        } catch {
            Write-Warning "$logLead : Failed to finish creating account. See previous log statements for last good location. Continuing to next service."
        }
    }
}

Set-Alias -name Create-AppTierWindowsServices -value New-AppTierWindowsServices