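<#
.SYNOPSIS
    Pester preflight checks for a monitoring service server and the SQL Server
    targets it will watch.

.DESCRIPTION
    The first Describe block checks the monitoring service account in Active
    Directory and WinRM reachability of the monitoring server. The second block
    runs once per entry in $Servers and checks WinRM, the SQL port, TCP 135,
    TCP 445, the dynamic port range, WMI responsiveness, local Administrators
    membership and SQL sysadmin membership.

    Every network probe runs from the machine executing this script
    ($env:COMPUTERNAME), so a pass shows reachability from that host only.

    The last two checks confirm that the monitoring account (or its AD group) is
    a local Administrator and a SQL sysadmin on each target; membership changes
    in that group therefore change who holds those rights.

.PARAMETER MonitoringServiceServerName
    Host name of the monitoring service server.

.PARAMETER sql_port
    TCP port SQL Server listens on (default 1433).

.PARAMETER MonitoringServiceAccount
    Monitoring service account; the AD lookup uses the part after the backslash.

.PARAMETER MonitoringServiceADGroup
    AD group accepted in place of the account for the local admin and sysadmin
    checks.
#>
param(
    $MonitoringServiceServerName = '',
    $sql_port = 1433,
    $MonitoringServiceAccount = 'accountname',
    $MonitoringServiceADGroup = 'ADGRoup name if Monitoring Service is not explicitly defined on the targetrs'
)

# Errors are silenced, so a failed cmdlet yields $null instead of an exception.
# Each test must therefore assert on the returned value; a test that only
# measures time or never inspects its result would pass on failure.
$WarningPreference = 'SilentlyContinue'
$ErrorActionPreference = 'SilentlyContinue'
$ProgressPreference = 'SilentlyContinue'

Import-Module ActiveDirectory
Import-Module DBATools

# NOTE(review): 'C:\' is a directory placeholder; point this at the file that
# lists one target server per line before running.
# NOTE(review): under Pester 5, values set at file scope during discovery may
# not be visible inside It blocks - confirm against the Pester version in use.
$Servers = Get-Content 'C:\'

<#########################
##########################
Other options to populate $Servers
Get-DBARegServer -SQLInstance
Invoke-DBAQuery -SQLInstance -Database -query
#########################
#########################>

Describe "--> Preflight Checks for Monitoring Service Box $($MonitoringServiceServerName)" -Tags 'MonitoringServiceServer' {

    It "Checking if Monitoring Service Account is Enabled and not LockedOut" {
        # [-1] takes the account name whether or not a DOMAIN\ prefix is present;
        # [1] returned $null for a bare account name.
        $samAccountName = $MonitoringServiceAccount.Split('\')[-1]
        # Request only the two attributes the filter reads instead of every property.
        $ADUser = Get-ADUser $samAccountName -Properties LockedOut, Enabled |
            Where-Object { $_.LockedOut -eq $false -and $_.Enabled -eq $true }
        $ADUser | Should -BeTrue -Because "Monitoring Service Account should be enabled in Active Directory and verified account is not lockedout"
    }

    It "WINRM Port Check" {
        $winrm_result = Test-NetConnection -ComputerName $MonitoringServiceServerName -InformationLevel Quiet -CommonTCPPort WINRM
        $winrm_result | Should -BeTrue
    }

    It "Checking if WinRM is running on Monitoring Service Box" {
        $WinRM = Test-WSMan -ComputerName $MonitoringServiceServerName
        $WinRM | Should -BeTrue -Because "This test requires WinRm to complete successfully"
    }
}##Describe Block MonitoringServiceServer

Describe "--> Preflight Checks for Target Server " -Tags 'TargetServer' -ForEach $Servers {

    It "WINRM Port Check on $($_)" {
        $winrm_result = Test-NetConnection -ComputerName $_ -InformationLevel Quiet -CommonTCPPort WINRM
        $winrm_result | Should -BeTrue
    }

    It "WinRM Service is running on $($_)" {
        $WinRM = Test-WSMan -ComputerName $_
        $WinRM | Should -BeTrue -Because "This test requires WinRm to complete successfully"
    }

    It "SQL Port Check $sql_port on $($_)" {
        $port_sql = Test-NetConnection -ComputerName $_ -InformationLevel Quiet -Port $sql_port
        $port_sql | Should -BeTrue -Because "SQL Port Must be Unblocked"
    }

    It "WMI Port Check on $($_)" {
        $port_135 = Test-NetConnection -ComputerName $_ -InformationLevel Quiet -Port 135
        $port_135 | Should -BeTrue -Because "SQL Sentry uses WMI and RPC to collect various metrics"
    }

    It "SMB Port Check" {
        $port_445 = Test-NetConnection -ComputerName $_ -InformationLevel Quiet -Port 445
        $port_445 | Should -BeTrue -Because "SQL Sentry uses SMB to collect various metrics"
    }

    It "Dynamic TCP Port Check on $($_)" {
        $DynamicTCP = $null
        $cimSession = New-CimSession -ComputerName $_
        if ($cimSession) {
            try {
                $DynamicTCP = Get-NetTCPSetting -Setting Internet -CimSession $cimSession |
                    Select-Object dynamicportrangestartport, dynamicportrangenumberofports
            }
            finally {
                # Remove only the session opened here; the previous
                # Get-CimSession -ComputerName lookup also closed unrelated
                # sessions to the same host and leaked this one on failure.
                Remove-CimSession -CimSession $cimSession
            }
        }
        # $DynamicTCP stays $null when the session or query failed, which fails both assertions.
        $DynamicTCP.DynamicPortRangeStartPort | Should -Be 49152 -Because "SQL Sentry uses Dynamic ports to collect various metrics"
        $DynamicTCP.DynamicPortRangeNumberOfPorts | Should -Be 16384 -Because "SQL Sentry uses Dynamic ports in this range of ports to collect various metrics"
    }

    It "WMI Connectivity and Latency From $($env:COMPUTERNAME)--> to Target--> $($_)" {
        $target = $_
        $stopwatch = [system.diagnostics.stopwatch]::StartNew()
        # Get-WmiObject is kept on purpose: the test exercises the WMI/RPC path.
        $Drives = Get-WmiObject win32_volume -ComputerName $target | Select-Object Name
        foreach ($Drive in $Drives) {
            Get-WmiObject win32_volume -ComputerName $target |
                Where-Object { $_.name -eq $Drive.Name } |
                Out-Null
        }
        $stopwatch.Stop()
        # With errors silenced, a refused or denied WMI call returns nothing
        # quickly and would otherwise pass the latency threshold on its own.
        $Drives | Should -Not -BeNullOrEmpty -Because "WMI must return volume data before the latency measurement is meaningful"
        $stopwatch.ElapsedMilliseconds | Should -BeLessOrEqual 2000
    }

    It "Checking that Monitoring Service Account... $($MonitoringServiceAccount) ...is Local Admin on Target $($_)" {
        # $Using: is required to carry the local value into the remote session;
        # without it -Member received $null on the target. Returning Name gives
        # plain strings for the BeIn comparison below.
        $localAdminCheck = Invoke-Command -ComputerName $_ -ScriptBlock {
            Get-LocalGroupMember -Group Administrators -Member $Using:MonitoringServiceAccount |
                Select-Object -ExpandProperty Name
        } -ErrorAction SilentlyContinue

        if (!$localAdminCheck) {
            # Fallback for targets without Get-LocalGroupMember, and the only
            # path that also accepts the AD group. Windows account names are
            # case-insensitive, so -in replaces the case-sensitive -cin.
            $localAdminCheck = Invoke-Command -ComputerName $_ -ScriptBlock {
                $Admins = net localgroup administrators
                $Admins | Where-Object { $_ -in ($Using:MonitoringServiceAccount, $Using:MonitoringServiceADGroup) }
            }
        }

        $localAdminCheck | Should -BeIn ($MonitoringServiceAccount, $MonitoringServiceADGroup) -Because "Please check that your monitoring Service account is Local Admin on the Target $($_)"
    }

    It "Checking that Monitoring Service Account... $($MonitoringServiceAccount) ...is SysAdmin in SQL Server on Target $($_)" {
        $SysAdmin = Get-DbaServerRoleMember -SqlInstance $_ -ServerRole SysAdmin |
            Where-Object { $_.name -eq $MonitoringServiceAccount -or $_.name -eq $MonitoringServiceADGroup }
        $sysAdmin.name | Should -BeIn ($MonitoringServiceAccount, $MonitoringServiceADGroup)
    }
}##Describe Block TargetServer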