# Cascades of Tucson -- Add caregivers to SG-Caregivers
# Date: 2026-05-16
# Run on: CS-SERVER as a domain admin
# Adds all 37 caregiver accounts to SG-Caregivers.
# This is a deliberate access-control step, separate from account creation.

$Group = "SG-Caregivers"

$Accounts = @(
    "t.abainza",
    "n.castro",
    "e.esperance",
    "b.johnson",
    "k.flores",
    "r.flores",
    "m.kastner",
    "b.mendoza",
    "r.morales",
    "s.padilla",
    "w.reed",
    "p.sandoval-beck",
    "b.sika",
    "j.andrade",
    "j.clarke",
    "k.aziakpo",
    "j.dittbenner",
    "a.mcferren",
    "s.ramirez",
    "e.sanchez",
    "k.wyzykowski",
    "c.tate",
    "a.atwood",
    "c.johnson",
    "r.cooper",
    "m.lopez",
    "g.williford",
    "s.carroll",
    "l.hogan",
    "g.williams",
    "j.higdon",
    "m.kariuki",
    "c.lassey",
    "p.doran",
    "e.huerta",
    "m.baker",
    "e.yuzon"
)

$added   = 0
$failed  = 0
$skipped = 0

foreach ($sam in $Accounts) {
    $user = Get-ADUser -Filter "SamAccountName -eq '$sam'" -ErrorAction SilentlyContinue
    if (-not $user) {
        Write-Host "[SKIP] $sam -- not found in AD"
        $skipped++
        continue
    }

    $inGroup = Get-ADGroupMember -Identity $Group -ErrorAction SilentlyContinue |
               Where-Object { $_.SamAccountName -eq $sam }

    if ($inGroup) {
        Write-Host "[SKIP] $sam -- already in $Group"
        $skipped++
        continue
    }

    try {
        Add-ADGroupMember -Identity $Group -Members $sam
        Write-Host "[OK] $sam -- added to $Group"
        $added++
    }
    catch {
        Write-Host "[ERROR] $sam -- $_"
        $failed++
    }
}

Write-Host ""
Write-Host ("Result: {0} added, {1} failed, {2} skipped" -f $added, $failed, $skipped)