如何使Windows Home Server成为域控制器

Active Directory lets companies manage users, computers, printers, and more from a centralized location. Have you wanted this functionality at home but don’t have money for Windows Server? Here’s how you can promote Windows Home Server to a domain controller.

Active Directory使公司可以从集中位置管理用户，计算机，打印机等。 您是否想在家中使用此功能，却没有Windows Server的资金？ 这是将Windows Home Server升级为域控制器的方法。

Maybe you don’t have 100+ computers in your closet but sometimes it may feel that way. Active Directory allows you to centrally manage the users that can log into the machines as well as help quickly set up machine preferences and can even help manage your virtual machines. If you have been wanting a better way to manage it all, or even just want to dive into Active Directory here’s how you can do it on the cheap.

壁橱中可能没有100台以上的计算机，但有时可能会遇到这种情况。 通过Active Directory，您可以集中管理可以登录到计算机的用户，还可以帮助快速设置计算机首选项，甚至可以帮助管理虚拟机。 如果您一直想要一种更好的方式来管理所有内容，或者只是想进入Active Directory，那么这里就是您可以廉价地实现的方法。

Please be aware that Microsoft specifically says you are not allowed to do this according to their end user license agreement (EULA) that you have to agree to when installing or setting up a Windows Home Server. As such, this article will be strictly for educational purposes.

请注意，Microsoft明确表示不允许您根据安装或设置Windows Home Server时必须同意的最终用户许可协议(EULA)进行此操作。 因此，本文将严格用于教育目的。

If you are allergic to breaking EULAs I suggest you purchase Windows Server from Microsoft. Select students on the other hand can freely download Windows Server from Microsoft DreamSpark.

如果您对破坏EULA过敏，建议您从Microsoft购买Windows Server。 另一方面，部分学生可以从Microsoft DreamSpark免费下载Windows Server 。

设置Windows Home Server (Set Up Windows Home Server)

After your initial setup of Windows Home Server you will need to turn on remote desktop abilities from the Windows Home Server console. If you are reading this article I am going to assume you know how to do that yourself.

初始设置Windows Home Server之后，您将需要从Windows Home Server控制台打开远程桌面功能。 如果您正在阅读本文，我将假设您知道自己如何做。

You will also need a couple of dedicated disks or partitions for storing Active Directory information. Active directory uses the folders NTDS and SYSVOL to store its database and public files and if they are not on dedicated disks you most likely see slowdown with your server and with your network.

您还需要几个专用磁盘或分区来存储Active Directory信息。 Active Directory使用文件夹NTDS和SYSVOL来存储其数据库和公共文件，如果它们不在专用磁盘上，则很可能会看到服务器和网络的速度降低。

Active Directory requires that you have DNS and a static IP address on your server. You don’t have to do these two steps right now, but you will need to be prepared to do them during the process.

Active Directory要求您在服务器上具有DNS和静态IP地址。 您现在不必执行这两个步骤，但是在此过程中您需要做好准备。

Promoting your WHS to a domain controller is going to do a few things that you may not want. Please read the below precautions before continuing.

将WHS提升为域控制器将要做一些您可能不希望做的事情。 在继续之前，请阅读以**意事项。

1. You will no longer be able to add computers to WHS with the WHS connector. From now on you will have to join computers to your new domain that you will set up. In order to be able to add computers to a domain you cannot use any of the “home” variants of Windows and instead will need to use the business, professional, or enterprise tiers.
   您将不再能够通过WHS连接器将计算机添加到WHS。 从现在开始，您将必须将计算机加入到要设置的新域中。 为了能够将计算机添加到域中，您不能使用Windows的任何“家庭”变体，而需要使用业务，专业或企业层。
2. All of your users in WHS will be erased and only the default user accounts (e.g. administrator, guest, etc.) will be left in WHS.
   WHS中的所有用户都将被删除，WHS中仅保留默认用户帐户(例如，管理员，访客等)。
3. Your WHS webpage will be broken. You can “fix” this by installing another web server (e.g. Apache) but it will take more setup and work.
   您的WHS网页将被破坏。 您可以通过安装其他Web服务器(例如Apache)来“修复”此问题，但这将需要更多的设置和工作。

All in all, be prepared to do a fresh install on your WHS and do not do this on a machine you are actively keeping information on. It would probably be a better idea to have a second computer to set up AD and migrate any information over that you want.

总而言之，请准备在WHS上进行全新安装，而不要在正在积极保留信息的计算机上执行此操作。 最好有第二台计算机来设置AD并根据需要迁移任何信息。

Always have backups, if this is a computer you use it is your responsibility to make a backup before you start this process.

始终有备份，如果您使用的是计算机，则有责任在开始此过程之前进行备份。

升级服务器 (Promote Your Server)

Domain controller promotion is done through the dcpromo.exe command. Go remote with your server and then open the run dialog and run the command.

域控制器升级通过dcpromo.exe命令完成。 与服务器一起使用，然后打开运行对话框并运行命令。

Click next a couple times and then select the option to create a new controller for a new domain.

单击下一步几次，然后选择为新域创建新控制器的选项。

Then select new domain forest.

然后选择新的域目录林。

Next it is best to select to set up DNS on the local machine. This is the easiest way to get the controller configured. You will just have to make sure you turn off DNS on your router.

接下来，最好选择在本地计算机上设置DNS。 这是配置控制器的最简单方法。 您只需要确保关闭路由器上的DNS。

If you are going to keep DHCP issued from your router you will also need to point DNS responsibilities to your server. Please check your router manual for how to do that.

如果要使DHCP从路由器发出，则还需要将DNS职责指定给服务器。 请查看您的路由器手册以了解操作方法。

Finally we can name the new domain. If you own a web domain name don’t name it the same thing as your domain name because in this case it may cause problems unless you are also running the web service and dynamic DNS updater from this computer.

最后，我们可以命名新域。 如果您拥有Web域名，请不要使用与域名相同的名称，因为在这种情况下，除非您同时也在此计算机上运行Web服务和动态DNS更新程序，否则它可能会引起问题。

Instead it is a better idea to come up with a .local name for your domain.

相反，最好为您的域提供一个.local名称。

Next you will need to put in a NETBIOS name. You should be able to select the default and just click next.

接下来，您需要输入NETBIOS名称。 您应该能够选择默认值，然后单击下一步。

We need to tell the domain controller where to store the database, log files, and public files. It is recommended to store all of this on a separate hard drive. In my installation I have a separate 20 Gb hard drive plugged in (E:) where I have put the required files.

我们需要告诉域控制器存储数据库，日志文件和公用文件的位置。 建议将所有这些存储在单独的硬盘驱动器上。 在我的安装中，我插入了一个单独的20 Gb硬盘驱动器(E :)，在其中放置了所需的文件。

If you have any pre-Windows 2000 computers I feel bad for you. In most cases you can leave out support for anything that old in the next step.

如果您有任何Windows 2000以前的计算机，我会为您感到难过。 在大多数情况下，您可以在下一步中保留所有过时的支持。

Select a new Administrator password.

选择一个新的管理员密码。

And then review your changes and click next.

然后查看您的更改，然后单击下一步。

Your promotion will start the process for you.

您的促销将为您启动该过程。

You will probably be asked for your installation CD at some point so make sure you have your CD (or the files from your CD) available to you.

在某个时候可能会要求您提供安装CD，因此请确保您拥有CD(或CD中的文件)可用。

You will also probably be prompted to change your IP address from dynamic to static during the process.

在此过程中，系统可能还会提示您将IP地址从动态更改为静态。

Click OK and then continue to change your IP address to a suitable static address.

单击确定，然后继续将您的IP地址更改为合适的静态地址。

Your setup should finish with this screen. Once you click finish go ahead and restart your new domain controller.

您的设置应在此屏幕上完成。 单击完成后，继续并重新启动新的域控制器。

Don’t worry if the reboot takes a while. It needs to start up a lot new services and will probably take a while for the first reboot.

如果重启需要一段时间，请不要担心。 它需要启动许多新服务，并且可能需要一段时间才能进行第一次重新启动。

Once the machine reboots you may get an error about a service failing to start. You should also have a new option at your login screen to log into the new domain you just created.

机器重新启动后，您可能会收到有关服务无法启动的错误。 您还应该在登录屏幕上有一个新选项，以登录到刚创建的新域。

安装后设置 (Post Installation Settings)

Now that you have a domain and a domain controller there are just a couple of things we need to do to make sure things run smoothly.

现在您已经拥有一个域和一个域控制器，我们只需要做几件事就可以确保事情顺利进行。

First we can fix the services error we got before by going to start -> run -> “services.msc”

首先，我们可以通过开始->运行->“ services.msc”来修复之前遇到的服务错误。

Find the “SSDP Discovery Service” and the “Universal Plug and Play Device Host” services and set them to start automatically. Then start the services manually.

找到“ SSDP发现服务”和“通用即插即用设备主机”服务，并将其设置为自动启动。 然后手动启动服务。

Now browse to C:\Windows\Temp. Right click on the folders and choose properties.

现在浏览到C：\ Windows \ Temp。 右键单击文件夹，然后选择属性。

On the security tab click add and then type network service and click check names. Once the name is verified (it will be underlined) click OK.

在安全选项卡上，单击添加，然后键入网络服务，然后单击检查名称。 验证名称(带下划线)后，单击“确定”。

Repeat the above two steps for the c:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files directory too.

对c：\ Windows \ Microsoft.NET \ Framework \ v2.0.50727 \ Temporary ASP.NET Files目录也重复上述两个步骤。

Now we need to configure the Windows Firewall to allow for the correct programs to get through. You could just disable the firewall but you will take a performance hit by just disabling it. Here are the ports and programs you will need to allow access through your firewall.

现在，我们需要配置Windows防火墙以允许正确的程序通过。 您可以仅禁用防火墙，但仅禁用防火墙会降低性能。 这是允许您通过防火墙访问所需的端口和程序。

To add a program exception click on the exceptions tab and then click add program. Browse to the dns.exe located in the c:\windows\system32 folder and then click change scope.

要添加程序例外，请单击“例外”选项卡，然后单击“添加程序”。 浏览到c：\ windows \ system32文件夹中的dns.exe，然后单击“更改范围”。

Change the scope to only be on your local subnet because you don’t want anyone outside of your network using your DNS for lookups.

将范围更改为仅在本地子网上，因为您不希望网络之外的任何人使用DNS进行查找。

Next do the same thing for the DHCP server located at C:\WINDOWS\system32\tcpsvcs.exe but don’t limit the scope. Instead allow any computer to connect to DHCP otherwise the computers will never get an IP address after we turn that on.

接下来，对位于C：\ WINDOWS \ system32 \ tcpsvcs.exe的DHCP服务器执行相同的操作，但不要限制范围。 而是允许任何计算机连接到DHCP，否则在打开该计算机后，这些计算机将永远无法获得IP地址。

We won’t set up DHCP in this article but may revisit this in the future. If you want to know how to set up DHCP check out the we got served link at the end of this post.

我们不会在本文中设置DHCP，但将来可能会重新讨论。 如果您想知道如何设置DHCP，请查看本文结尾处的“我们已提供服务”链接。

Go back to the main exceptions tab and then click add port. Type in LDAP for the name and 389 for the port number. Change the scope to my network (subnet) only and then click OK.

返回到主要例外选项卡，然后单击添加端口。 输入LDAP作为名称，输入389作为端口号。 将范围更改为仅我的网络(子网)，然后单击确定。

Repeat these steps for the following additional ports.

对以下其他端口重复这些步骤。

LDAP – 389 – UDP

LDAP – 389 – UDP

LDAP – 636 – TCP

LDAP – 636 – TCP

LDAP – 3268 – TCP

LDAP – 3268 – TCP

Kerboros – 88 – TCP and UDP

Kerboros – 88 – TCP和UDP

You now have Active Directory all set up and the necessary ports required to join computers to your new domain and begin managing users, computers, printers, and much more from a central location.

现在，您已经全部设置了Active Directory，并具有将计算机加入新域并开始从*位置开始管理用户，计算机，打印机等所需的必要端口。

we got served wiki

我们得到了维基

翻译自: https://www.howtogeek.com/57729/how-to-make-windows-home-server-into-a-domain-controller/