WARNING: Making your home server into a domain controller will SIGNIFICANTLY reduce your server’s disk performance.  In my case, I saw my file transfer speeds crawl to 8 MB/s from 31 MB/s on a clean build.  I have since reverted and no longer have my home server as a domain controller.  If you do not care about transfer speeds, then follow the instructions below:
——————————————————————–
 
In order to simplify and centralize the number of machines, services, etc running in my home, I decided to make my Window Home Server a domain controller.  This page outlines what steps were involved, issues encountered, and remediation steps taken.
 
Converting to a Domain Controller
Follow the steps to convert any Windows 2003 system to a domina controller (i.e. run DCPROMO).
 
Issues and Remediation
Remote Access
The following error ocured when trying to view the remote access web page:
The current identity (NT AUTHORITY\NETWORK SERVICE) does not have write access to ‘C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\Temporary ASP.NET Files’.
 
To resolve, I ran the following command:
“C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe” -ga “NT AUTHORITY\NETWORK SERVICE”
 
Password Policy
While on the Windows Home Server you can set the desired password policy, this no longer works after upgrading to a domain controller (ex. you may have set the password policy slider to WEAK but wont be able to create accounts with weak passwords).  To modify the domain password policy:  
  • Open Adminstrative Tools | Domain Security Policy
  • Click on Security Settings | Account Policies | Password Policy
  • Make the desired modifications to the password policy (below I have outlined the three main home server password policy settings and how to change the domain policy settings to match – of course, you can change this to anything you’d like):
    • Weak
      • Change “minimum password length” to 0 and disable “Password must meet complexity requirements”
    • Medium
      • Change “minimum password length” to 5 and disable “Password must meet complexity requirements”
    • Strong
      • Change “minimum password length” to 7 and enable “Password must meet complexity requirements”
  • Run the following command on the home server:
    • gpupdate /force

Clients Joining the Domain
When trying to join a client to the domain, you may get the error “The specified server cannot perform the requested operation”.

To resolve, I disabled the Windows Firewall on the home server (I probably could have just allowed an exception).

Slow network file copies
Problem is outlined here, but the instructions in the document are wrong and are for Windows 2000 only – and will have no affect on a home server (which is Windows 2003).  The fix below sped up my transfers from 1.8MB/s to 3.8MB/s (not great, but better than it was).  To fix this slow network file copy issue: 

  • Start Registry Editor (Regedt32.exe).
  • Locate and click the following key in the registry, where Adapter GUID is the globally unique identifier (GUID) for the network adapter that connects to the clients:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\Adapter GUID
  • On the Edit menu, click Add Value, and then add the following registry value:
    • Value name: TcpAckFrequency
    • Data type: REG_DWORD
    • Value data: Set this value to 1.
  • Quit Registry Editor.
  • Restart Windows for this change to take effect.

RELATED POSTS:

  1. Tweaking Windows Home Server
  2. Windows Home Server Tweaking
  3. Controlling your home server from your iPhone
  4. AspireHome My Computer Link Application
  5. Resolving account lockouts on Windows Home Server