Param([Parameter(Mandatory=$true)]
      [string]$SQLSentryDBInstance,
      [Parameter(Mandatory=$true)]
      [string]$Domain
                   )

$VerbosePreference = 'SilentlyContinue'

##Determine if DBATools is loaded
 
 $LoadedDbaTools = get-module -name DBATools

 If(!$LoadedDbaTools)
    {
        Import-Module 'C:\Program Files\WindowsPowerShell\Modules\DBATools' -Force
    }else
        { Write-Verbose 'DBATools is loaded'}

<#########################
##########################
Using for testing 
$SQLSentryDBInstance = '<Sentry DB instance>'
$Domain = '<if needed for your environment and dependent on version of Sentry>'
##########################
##########################>


<#########################
##########################
##Use this only to create your password file
$Password = Read-Host 'Enter Password'
$Password | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString | Out-File C:\Creds\passwordfile.txt
##########################
##########################>


$user = "domain\username"
$password = Get-Content C:\Creds\passwordfile.txt  | ConvertTo-SecureString

$credential = New-Object System.Management.Automation.PSCredential ($user, $password)


$AGServersQuery = "SELECT [PrimaryReplica], AG.GroupID,Name, AR.EventSourceConnectionID, AR.ReplicaServerName, AR.DomainName, E.ObjectName
  FROM [SQLSentry].[AlwaysOn].[AvailabilityGroup] AG
  JOIN [SQLSentry].[AlwaysOn].[AvailabilityReplica] AR on AG.GroupID = AR.GroupID
  JOIN [SQLSentry].[dbo].EventSourceConnection E on E.ID = AR.EventSourceConnectionID 
  Where e.IsWatched =1 and AR.DomainName = '$($Domain)'"

$AGServers = Invoke-DbaQuery -SqlInstance $SQLSentryDBInstance -Database SQLSentry -Query $AGServersQuery -SqlCredential $credential -EnableException



ForEach($Servername in $AGServers.ObjectName)
    {
        Write-host "Checking AG on- -> $($ServerName)" -ForegroundColor Red

        $IsPrimary = Get-DbaAgReplica -SqlInstance $ServerName -SqlCredential $credential | ?{$_.Role -eq 'Primary'} 

        if($IsPrimary.Role -eq 'Primary')
    
            {

        $Replicas = Get-DbaAgReplica -SqlInstance $ServerName  -SqlCredential $credential

        $PrimaryInstance = $Replicas | ?{$_.role -eq 'Primary'} | Select ComputerName
        $SecondaryInstance = $Replicas | ?{$_.role -eq 'Secondary'} | Select Name


        $PrimaryReplica =   Get-DbaLogin -SqlInstance $($PrimaryInstance.ComputerName) -ExcludeFilter '##*','NT *' -SqlCredential $credential| ?{$_.IsDisabled -eq $false} | select computername,  name 
        $SecondaryReplica = Get-DbaLogin -SqlInstance $($SecondaryInstance.Name)       -ExcludeFilter '##*','NT *'-SqlCredential $credential |?{$_.IsDisabled -eq $false}  | select computername, name


        $MissingLogins = Compare-Object -ReferenceObject $PrimaryReplica -DifferenceObject $SecondaryReplica  -Property Name -PassThru

        $Results = $MissingLogins | Select @{N='CurrentServer';E={$_.ComputerName}}, Name 

        $HTML = $Results  | ConvertTo-Html -Property CurrentServer, Name  -PreContent "<h2>Logins that are only on one Node of AG</h2>" -PostContent "<p>Creation Date: $(Get-Date)..<br>From SQL Sentry</br><p>"

        $DBMail = "DECLARE @email_recipients VARCHAR (MAX)
                    SET @email_recipients = 'DatabaseCSELab@solarwinds.com'  --Change email recipients here

			        EXEC msdb..sp_sentry_dbmail_20 
				        @profile_name = 'SqlSentry' ,
				        @recipients = @email_recipients, 
				        @subject = 'Need to Sync Logins for AG-->$($PrimaryInstance.ComputerName).. $($Replicas.AvailabilityGroup[0])',
				        @body = '$($HTML)',
				        @body_format = 'HTML', 
				        @execute_query_database = 'msdb'"


       Invoke-DbaQuery -SqlInstance $SQLSentryDBInstance -Database MSDB -Query $DBMail -SqlCredential $credential

        }

    } ##ForEach Block