See this thread for more info: https://www.techpowerup.com/forums/threads/boinc-for-windows-domain-controllers.227815/

This specific version of BOINC is recommended by Stanford for installation on Windows Servers acting as a domain controller. The installer for BOINC 6 and newer creates a separate user account for BOINC to run in and this action is forbidden on domain controllers. 

The problem with using BOINC 5 is that the security certificate (required for HTTPS) is expired so it cannot communicate with Stanford's servers ("SSL Connect" error). 

After you install the included BOINC 5 on the domain controller, you must stop the service/exit BOINC, then replace the version 5 certificates with the updated ones included in this ZIP archive. To install them, make sure to completely stop BOINC then extract them, overwriting the existing files, to where BOINC is installed (usually C:\Program Files\BOINC). 

It is vital that ca-bundle.crt overwrites the preexisting ca-bundle.crt because the file the security certificate that comes with BOINC 5.10.45 is expired.  Once the files are overwritten, remember to start up BOINC again and verify that BOINC can communicate with Stanford's servers without error.