# Cascades of Tucson -- Caregiver AD Account Creation
# Date: 2026-05-16
# Run on: CS-SERVER as a domain admin
# OU: OU=Caregivers,OU=Departments,DC=cascades,DC=local
#
# Creates 37 caregiver accounts.
# Display names match ALIS (preferred/known names).
# UPN format: firstinitial.lastname@cascadestucson.com
#
# Exceptions:
#   b.sika   -- Charity Sika (legal first name Bariffa drives the initial)
#   e.huerta -- Zeke Huerta (legal first name Ezekiel drives the initial)
#
# Excluded:
#   Christine Nyanzunda -- already has accounts, do not create
#   Polett Pinazavala   -- departed, do not create
#
# Espe Esperance -- legal name Niyonsaba Esperance (Niyonsaba = first, Esperance = last)
#   Goes by Espe at work. Already in ALIS as Niyonsaba Esperance.
#   Meredith must UPDATE that ALIS staff record email to e.esperance@cascadestucson.com
#
# Kasey Flores, Jahmeka Clarke, Gloria Williford -- not in ALIS; Meredith must add staff records.
#
# PasswordNeverExpires = $true during rollout.
# Run enable-caregiver-password-rotation.ps1 when ready to activate 30-day FGPP rotation.

$OU           = "OU=Caregivers,OU=Departments,DC=cascades,DC=local"
$Domain       = "cascadestucson.com"
$TempPassword = ConvertTo-SecureString "Cascades2026!" -AsPlainText -Force

$Caregivers = @(
    # --- Tue-Sat ---
    @{ First="Thelma";    Last="Abainza";         Sam="t.abainza"       },
    @{ First="Niel";      Last="Castro";           Sam="n.castro"        },
    @{ First="Espe";      Last="Esperance";        Sam="e.esperance"     },
    @{ First="Barb";      Last="Johnson";          Sam="b.johnson"       },
    @{ First="Kasey";     Last="Flores";           Sam="k.flores"        },
    @{ First="Richard";   Last="Flores";           Sam="r.flores"        },
    @{ First="Marie";     Last="Kastner";          Sam="m.kastner"       },
    @{ First="Bella";     Last="Mendoza";          Sam="b.mendoza"       },
    @{ First="Rosa";      Last="Morales";          Sam="r.morales"       },
    @{ First="Sandra";    Last="Padilla";          Sam="s.padilla"       },
    @{ First="Whisper";   Last="Reed";             Sam="w.reed"          },
    @{ First="Patricia";  Last="Sandoval-Beck";    Sam="p.sandoval-beck" },
    @{ First="Charity";   Last="Sika";             Sam="b.sika"          },
    # --- Sun-Thu (Christine Nyanzunda excluded -- already has accounts) ---
    @{ First="Juan";      Last="Andrade";          Sam="j.andrade"       },
    @{ First="Jahmeka";   Last="Clarke";           Sam="j.clarke"        },
    @{ First="Karina";    Last="Aziakpo";          Sam="k.aziakpo"       },
    @{ First="Jinnelle";  Last="Dittbenner";       Sam="j.dittbenner"    },
    @{ First="Agnes";     Last="McFerren";         Sam="a.mcferren"      },
    @{ First="Samuel";    Last="Ramirez";          Sam="s.ramirez"       },
    @{ First="Erica";     Last="Sanchez";          Sam="e.sanchez"       },
    @{ First="Katrina";   Last="Wyzykowski";       Sam="k.wyzykowski"    },
    @{ First="Corey";     Last="Tate";             Sam="c.tate"          },
    # --- Fri-Mon ---
    @{ First="Ashli";     Last="Atwood";           Sam="a.atwood"        },
    @{ First="Cole";      Last="Johnson";          Sam="c.johnson"       },
    @{ First="Roseline";  Last="Cooper";           Sam="r.cooper"        },
    @{ First="Monique";   Last="Lopez";            Sam="m.lopez"         },
    @{ First="Gloria";    Last="Williford";        Sam="g.williford"     },
    # --- Thu-Mon ---
    @{ First="Sarah";     Last="Carroll";          Sam="s.carroll"       },
    @{ First="Luke";      Last="Hogan";            Sam="l.hogan"         },
    @{ First="Gina";      Last="Williams";         Sam="g.williams"      },
    # --- Split / other ---
    @{ First="Jen";       Last="Higdon";           Sam="j.higdon"        },
    @{ First="Mary";      Last="Kariuki";          Sam="m.kariuki"       },
    @{ First="Celia";     Last="Lassey";           Sam="c.lassey"        },
    @{ First="Patricia";  Last="Camarena Doran";   Sam="p.doran"         },
    # --- PRN ---
    @{ First="Zeke";      Last="Huerta";           Sam="e.huerta"        },
    @{ First="Maia";      Last="Baker";            Sam="m.baker"         },
    @{ First="Ederick";   Last="Yuzon";            Sam="e.yuzon"         }
)

$created = 0
$failed  = 0
$skipped = 0

foreach ($c in $Caregivers) {
    $displayName = if ($c.Display) { $c.Display } else { "$($c.First) $($c.Last)" }
    $upn         = "$($c.Sam)@$Domain"

    if (Get-ADUser -Filter "SamAccountName -eq '$($c.Sam)'" -ErrorAction SilentlyContinue) {
        Write-Host "[SKIP] $displayName already exists ($($c.Sam))"
        $skipped++
        continue
    }

    try {
        New-ADUser `
            -Name                 $displayName `
            -GivenName            $c.First `
            -Surname              $c.Last `
            -SamAccountName       $c.Sam `
            -UserPrincipalName    $upn `
            -Path                 $OU `
            -AccountPassword      $TempPassword `
            -Enabled              $true `
            -ChangePasswordAtLogon $false `
            -PasswordNeverExpires  $true

        Write-Host "[OK] $displayName -- $upn"
        $created++
    }
    catch {
        Write-Host "[ERROR] $displayName -- $_"
        $failed++
    }
}

Write-Host ""
Write-Host ("Result: {0} created, {1} failed, {2} skipped (already existed)" -f $created, $failed, $skipped)
Write-Host "NOTE: No licenses assigned. No security group memberships set. Both are deliberate next steps."
Write-Host ""
Write-Host "ALIS actions needed (Meredith):"
Write-Host "  Espe Esperance   -- UPDATE existing ALIS record (listed as Niyonsaba Esperance), set email to e.esperance@cascadestucson.com"
Write-Host "  Kasey Flores     -- ADD new ALIS staff record, k.flores@cascadestucson.com"
Write-Host "  Jahmeka Clarke   -- ADD new ALIS staff record, j.clarke@cascadestucson.com"
Write-Host "  Gloria Williford -- ADD new ALIS staff record, g.williford@cascadestucson.com"