Friends don’t let friends buy unnecessary hardware for domain controllers. I was recently consulting with a client who’s a principal at a family law firm with her folks. Naturally, that also made her the default IT person. Her last MSP wanted to charge the firm over $10k for a do-nothing domain controller.
It literally did nothing except for managing printers. No policies. No SSO connectivity. No redundancy. Nothing was being accomplished other than increasing their (cyber) attack surface area ... and keeping the spiders warm. It was an unpatched Windows 2008 Server. Her brother was so unsettled by it that he unplugged it every night!
My first instinct was to recommend refurbished hardware, saving them a bundle. But the fact remained that there wasn’t much payback even if I added someone policy benchmarks to secure their devices (other than not being compromised). Thinking differently and ditching domain controllers made it possible to spare them the cost of the hardware and do more for less. Even setting up a DC - without even doing anything special - takes hours (wasted).
It's 2022 and it should be easy for an SME to add SSO, MFA, and RADIUS services for their Wi-Fi, without having to build a datacenter. Read more about that experience ... it was eye-opening for me. The question is, how many other SMEs are in the same exact situation and overspending on IT with little to show for it?