DSCResources/DSC_SqlAGDatabase/DSC_SqlAGDatabase.psm1

$script:sqlServerDscHelperModulePath = Join-Path -Path $PSScriptRoot -ChildPath '..\..\Modules\SqlServerDsc.Common'
$script:resourceHelperModulePath = Join-Path -Path $PSScriptRoot -ChildPath '..\..\Modules\DscResource.Common'

Import-Module -Name $script:sqlServerDscHelperModulePath
Import-Module -Name $script:resourceHelperModulePath

$script:localizedData = Get-LocalizedData -DefaultUICulture 'en-US'

<#
    .SYNOPSIS
        Gets the database membership of the specified availability group.
 
    .PARAMETER DatabaseName
        The name of the database(s) to add to the availability group. This accepts wildcards.
 
    .PARAMETER ServerName
        Hostname of the SQL Server where the primary replica of the availability group lives. If the
        availability group is not currently on this server, the resource will attempt to connect to the
        server where the primary replica lives.
 
    .PARAMETER InstanceName
        Name of the SQL instance where the primary replica of the availability group lives. If the
        availability group is not currently on this instance, the resource will attempt to connect to
        the instance where the primary replica lives.
 
    .PARAMETER AvailabilityGroupName
        The name of the availability group in which to manage the database membership(s).
 
    .PARAMETER BackupPath
        The path used to seed the availability group replicas. This should be a path that is accessible
        by all of the replicas.
#>

function Get-TargetResource
{
    [CmdletBinding()]
    [OutputType([System.Collections.Hashtable])]
    param
    (
        [Parameter(Mandatory = $true)]
        [System.String[]]
        $DatabaseName,

        [Parameter(Mandatory = $true)]
        [System.String]
        $ServerName,

        [Parameter(Mandatory = $true)]
        [System.String]
        $InstanceName,

        [Parameter(Mandatory = $true)]
        [System.String]
        $AvailabilityGroupName,

        [Parameter(Mandatory = $true)]
        [System.String]
        $BackupPath
    )

    # Create an object that reflects the current configuration
    $currentConfiguration = @{
        DatabaseName          = @()
        ServerName            = $ServerName
        InstanceName          = $InstanceName
        AvailabilityGroupName = ''
        BackupPath            = ''
        Ensure                = ''
        Force                 = $false
        MatchDatabaseOwner    = $false
        ReplaceExisting       = $false
        IsActiveNode          = $false
    }

    # Connect to the instance
    $serverObject = Connect-SQL -ServerName $ServerName -InstanceName $InstanceName

    # Is this node actively hosting the SQL instance?
    $currentConfiguration.IsActiveNode = Test-ActiveNode -ServerObject $serverObject

    # Get the Availability group object
    $availabilityGroup = $serverObject.AvailabilityGroups[$AvailabilityGroupName]

    if ( $availabilityGroup )
    {
        $currentConfiguration.AvailabilityGroupName = $AvailabilityGroupName

        # Get the databases in the availability group
        $currentConfiguration.DatabaseName = [string[]] ($availabilityGroup.AvailabilityDatabases | Select-Object -ExpandProperty Name)
    }
    else
    {
        Write-Verbose -Message ($script:localizedData.AvailabilityGroupDoesNotExist -f $AvailabilityGroupName)
    }

    return $currentConfiguration
}

<#
    .SYNOPSIS
        Adds or removes databases to the specified availability group.
 
    .PARAMETER DatabaseName
        The name of the database(s) to add to the availability group. This accepts wildcards.
 
    .PARAMETER ServerName
        Hostname of the SQL Server where the primary replica of the availability group lives. If the
        availability group is not currently on this server, the resource will attempt to connect to the
        server where the primary replica lives.
 
    .PARAMETER InstanceName
        Name of the SQL instance where the primary replica of the availability group lives. If the
        availability group is not currently on this instance, the resource will attempt to connect to
        the instance where the primary replica lives.
 
    .PARAMETER AvailabilityGroupName
        The name of the availability group in which to manage the database membership(s).
 
    .PARAMETER BackupPath
        The path used to seed the availability group replicas. This should be a path that is accessible
        by all of the replicas.
 
    .PARAMETER Ensure
        Specifies the membership of the database(s) in the availability group. The options are:
 
            - Present: The defined database(s) are added to the availability group. All other
                        databases that may be a member of the availability group are ignored.
            - Absent: The defined database(s) are removed from the availability group. All other
                        databases that may be a member of the availability group are ignored.
 
        The default is 'Present'.
 
    .PARAMETER Force
        When used with "Ensure = 'Present'" it ensures the specified database(s) are the only databases
        that are a member of the specified Availability Group.
 
        This parameter is ignored when 'Ensure' is 'Absent'.
 
    .PARAMETER MatchDatabaseOwner
        If set to $true, this ensures the database owner of the database on the primary replica is the
        owner of the database on all secondary replicas. This requires the database owner is available
        as a login on all replicas and that the PsDscRunAsCredential has impersonate any login, control
        server, impersonate login, or control login permissions.
 
        If set to $false, the owner of the database will be the PsDscRunAsCredential.
 
        The default is '$false'.
 
    .PARAMETER ReplaceExisting
        If set to $true, this adds the restore option WITH REPLACE.
        If set to $false, Existing databases and files will block the restore and throw error.
        The default is '$false'.
 
    .PARAMETER ProcessOnlyOnActiveNode
        Specifies that the resource will only determine if a change is needed if the target node is the active host of the SQL Server Instance.
        Not used in Set-TargetResource.
#>

function Set-TargetResource
{
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory = $true)]
        [System.String[]]
        $DatabaseName,

        [Parameter(Mandatory = $true)]
        [System.String]
        $ServerName,

        [Parameter(Mandatory = $true)]
        [System.String]
        $InstanceName,

        [Parameter(Mandatory = $true)]
        [System.String]
        $AvailabilityGroupName,

        [Parameter(Mandatory = $true)]
        [System.String]
        $BackupPath,

        [Parameter()]
        [ValidateSet('Present', 'Absent')]
        [System.String]
        $Ensure = 'Present',

        [Parameter()]
        [System.Boolean]
        $Force,

        [Parameter()]
        [System.Boolean]
        $MatchDatabaseOwner,

        [Parameter()]
        [System.Boolean]
        $ReplaceExisting,

        [Parameter()]
        [System.Boolean]
        $ProcessOnlyOnActiveNode
    )

    Import-SQLPSModule

    # Connect to the defined instance
    $serverObject = Connect-SQL -ServerName $ServerName -InstanceName $InstanceName

    # Get the Availability Group
    $availabilityGroup = $serverObject.AvailabilityGroups[$AvailabilityGroupName]

    # Make sure we're communicating with the primary replica in order to make changes to the replica
    $primaryServerObject = Get-PrimaryReplicaServerObject -ServerObject $serverObject -AvailabilityGroup $availabilityGroup

    $getDatabasesToAddToAvailabilityGroupParameters = @{
        DatabaseName      = $DatabaseName
        Ensure            = $Ensure
        ServerObject      = $primaryServerObject
        AvailabilityGroup = $availabilityGroup
    }

    $databasesToAddToAvailabilityGroup = Get-DatabasesToAddToAvailabilityGroup @getDatabasesToAddToAvailabilityGroupParameters

    $getDatabasesToRemoveFromAvailabilityGroupParameters = @{
        DatabaseName      = $DatabaseName
        Ensure            = $Ensure
        Force             = $Force
        ServerObject      = $primaryServerObject
        AvailabilityGroup = $availabilityGroup
    }

    $databasesToRemoveFromAvailabilityGroup = Get-DatabasesToRemoveFromAvailabilityGroup @getDatabasesToRemoveFromAvailabilityGroupParameters

    # Create a hash table to store the databases that failed to be added to the Availability Group
    $databasesToAddFailures = @{}

    # Create a hash table to store the databases that failed to be removed from the Availability Group
    $databasesToRemoveFailures = @{}

    if ( $databasesToAddToAvailabilityGroup.Count -gt 0 )
    {
        Write-Verbose -Message ($script:localizedData.AddingDatabasesToAvailabilityGroup -f $AvailabilityGroupName, ( $databasesToAddToAvailabilityGroup -join ', ' ))

        # Get only the secondary replicas. Some tests do not need to be performed on the primary replica
        $secondaryReplicas = $availabilityGroup.AvailabilityReplicas | Where-Object -FilterScript { $_.Role -ne 'Primary' }

        foreach ( $databaseToAddToAvailabilityGroup in $databasesToAddToAvailabilityGroup )
        {
            $databaseObject = $primaryServerObject.Databases[$databaseToAddToAvailabilityGroup]

            # Ensure the appropriate permissions are in place on all the replicas
            if ( $MatchDatabaseOwner )
            {
                $impersonatePermissionsStatus = @{}

                foreach ( $availabilityGroupReplica in $secondaryReplicas )
                {
                    $currentAvailabilityGroupReplicaServerObject = Connect-SQL -ServerName $availabilityGroupReplica.Name
                    $impersonatePermissionsStatus.Add(
                        $availabilityGroupReplica.Name,
                        ( Test-ImpersonatePermissions -ServerObject $currentAvailabilityGroupReplicaServerObject -Securable $databaseObject.Owner )
                    )
                }

                if ( $impersonatePermissionsStatus.Values -contains $false )
                {
                    $impersonatePermissionsMissingParameters = @(
                        [System.Security.Principal.WindowsIdentity]::GetCurrent().Name,
                        ( ( $impersonatePermissionsStatus.GetEnumerator() | Where-Object -FilterScript { -not $_.Value } | Select-Object -ExpandProperty Key ) -join ', ' )
                    )
                    throw ($script:localizedData.ImpersonatePermissionsMissing -f $impersonatePermissionsMissingParameters )
                }
            }
        }

        foreach ( $databaseToAddToAvailabilityGroup in $databasesToAddToAvailabilityGroup )
        {
            $databaseObject = $primaryServerObject.Databases[$databaseToAddToAvailabilityGroup]

            <#
                Verify the prerequisites prior to joining the database to the availability group
                https://docs.microsoft.com/en-us/sql/database-engine/availability-groups/windows/prereqs-restrictions-recommendations-always-on-availability#a-nameprerequisitesfordbsa-availability-database-prerequisites-and-restrictions
            #>


            # Create a hash table to store prerequisite check failures
            $prerequisiteCheckFailures = @()

            $prerequisiteChecks = @{
                RecoveryModel         = 'Full'
                ReadOnly              = $false
                UserAccess            = 'Multiple'
                AutoClose             = $false
                AvailabilityGroupName = ''
                IsMirroringEnabled    = $false
            }

            foreach ( $prerequisiteCheck in $prerequisiteChecks.GetEnumerator() )
            {
                if ( $databaseObject.($prerequisiteCheck.Key) -ne $prerequisiteCheck.Value )
                {
                    $prerequisiteCheckFailures += "$($prerequisiteCheck.Key) is not $($prerequisiteCheck.Value)."
                }
            }

            # Cannot be a system database
            if ( $databaseObject.ID -le 4 )
            {
                $prerequisiteCheckFailures += 'The database cannot be a system database.'
            }

            # If FILESTREAM is enabled, ensure FILESTREAM is enabled on all replica instances
            if (
                ( -not [System.String]::IsNullOrEmpty($databaseObject.DefaultFileStreamFileGroup) ) `
                    -or ( -not [System.String]::IsNullOrEmpty($databaseObject.FilestreamDirectoryName) ) `
                    -or ( $databaseObject.FilestreamNonTransactedAccess -ne 'Off' )
            )
            {
                $availabilityReplicaFilestreamLevel = @{}
                foreach ( $availabilityGroupReplica in $secondaryReplicas )
                {
                    $connectSqlParameters = Split-FullSqlInstanceName -FullSqlInstanceName $availabilityGroupReplica.Name
                    $currentAvailabilityGroupReplicaServerObject = Connect-SQL @connectSqlParameters
                    $availabilityReplicaFilestreamLevel.Add($availabilityGroupReplica.Name, $currentAvailabilityGroupReplicaServerObject.FilestreamLevel)
                }

                if ( $availabilityReplicaFilestreamLevel.Values -contains 'Disabled' )
                {
                    $availabilityReplicaFilestreamLevelDisabled = $availabilityReplicaFilestreamLevel.GetEnumerator() |
                        Where-Object -FilterScript { $_.Value -eq 'Disabled' } |
                        Select-Object -ExpandProperty Key

                    $prerequisiteCheckFailures += ( 'Filestream is disabled on the following instances: {0}' -f ( $availabilityReplicaFilestreamLevelDisabled -join ', ' ) )
                }
            }

            # If the database is contained, ensure contained database authentication is enabled on all replica instances
            if ( $databaseObject.ContainmentType -ne 'None' )
            {
                $availabilityReplicaContainmentEnabled = @{}
                foreach ( $availabilityGroupReplica in $secondaryReplicas )
                {
                    $connectSqlParameters = Split-FullSqlInstanceName -FullSqlInstanceName $availabilityGroupReplica.Name
                    $currentAvailabilityGroupReplicaServerObject = Connect-SQL @connectSqlParameters
                    $availabilityReplicaContainmentEnabled.Add($availabilityGroupReplica.Name, $currentAvailabilityGroupReplicaServerObject.Configuration.ContainmentEnabled.ConfigValue)
                }

                if ( $availabilityReplicaContainmentEnabled.Values -notcontains 'None' )
                {
                    $availabilityReplicaContainmentNotEnabled = $availabilityReplicaContainmentEnabled.GetEnumerator() |
                        Where-Object -FilterScript { $_.Value -eq 'None' } |
                        Select-Object -ExpandProperty Key

                    $prerequisiteCheckFailures += ( 'Contained Database Authentication is not enabled on the following instances: {0}' -f ( $availabilityReplicaContainmentNotEnabled -join ', ' ) )
                }
            }

            # Ensure the data and log file paths exist on all replicas
            $databaseFileDirectories = @()
            $databaseFileDirectories += $databaseObject.FileGroups.Files.FileName | ForEach-Object -Process { Split-Path -Path $_ -Parent }
            $databaseFileDirectories += $databaseObject.LogFiles.FileName | ForEach-Object -Process { Split-Path -Path $_ -Parent }
            $databaseFileDirectories = $databaseFileDirectories | Select-Object -Unique

            $availabilityReplicaMissingDirectories = @{}
            foreach ( $availabilityGroupReplica in $secondaryReplicas )
            {
                $connectSqlParameters = Split-FullSqlInstanceName -FullSqlInstanceName $availabilityGroupReplica.Name
                $currentAvailabilityGroupReplicaServerObject = Connect-SQL @connectSqlParameters

                $missingDirectories = @()
                foreach ( $databaseFileDirectory in $databaseFileDirectories )
                {
                    $fileExistsQuery = "EXEC master.dbo.xp_fileexist '$databaseFileDirectory'"
                    $fileExistsResult = Invoke-Query -ServerName $currentAvailabilityGroupReplicaServerObject.NetName -InstanceName $currentAvailabilityGroupReplicaServerObject.ServiceName -Database master -Query $fileExistsQuery -WithResults

                    if ( $fileExistsResult.Tables.Rows.'File is a Directory' -ne 1 )
                    {
                        $missingDirectories += $databaseFileDirectory
                    }
                }

                if ( $missingDirectories.Count -gt 0 )
                {
                    $availabilityReplicaMissingDirectories.Add($availabilityGroupReplica, ( $missingDirectories -join ', ' ))
                }
            }

            if ( $availabilityReplicaMissingDirectories.Count -gt 0 )
            {
                foreach ( $availabilityReplicaMissingDirectory in $availabilityReplicaMissingDirectories.GetEnumerator() )
                {
                    $prerequisiteCheckFailures += "The instance '$($availabilityReplicaMissingDirectory.Key.Name)' is missing the following directories: $($availabilityReplicaMissingDirectory.Value)"
                }
            }

            # If the database is TDE'd, ensure the certificate or asymmetric key is installed on all replicas
            if ( $databaseObject.EncryptionEnabled )
            {
                $databaseCertificateThumbprint = [System.BitConverter]::ToString($databaseObject.DatabaseEncryptionKey.Thumbprint)
                $databaseCertificateName = $databaseObject.DatabaseEncryptionKey.EncryptorName

                $availabilityReplicaMissingCertificates = @{}
                foreach ( $availabilityGroupReplica in $secondaryReplicas )
                {
                    $connectSqlParameters = Split-FullSqlInstanceName -FullSqlInstanceName $availabilityGroupReplica.Name
                    $currentAvailabilityGroupReplicaServerObject = Connect-SQL @connectSqlParameters

                    [System.Array] $installedCertificateThumbprints = $currentAvailabilityGroupReplicaServerObject.Databases['master'].Certificates |
                        ForEach-Object -Process { [System.BitConverter]::ToString($_.Thumbprint) }

                    if ( $installedCertificateThumbprints -notcontains $databaseCertificateThumbprint )
                    {
                        $availabilityReplicaMissingCertificates.Add($availabilityGroupReplica, $databaseCertificateName)
                    }
                }

                if ( $availabilityReplicaMissingCertificates.Count -gt 0 )
                {
                    foreach ( $availabilityReplicaMissingCertificate in $availabilityReplicaMissingCertificates.GetEnumerator() )
                    {
                        $prerequisiteCheckFailures += "The instance '$($availabilityReplicaMissingCertificate.Key.Name)' is missing the following certificates: $($availabilityReplicaMissingCertificate.Value)"
                    }
                }
            }

            <#
                Determine whether SEEDING_MODE = for all replicas is Automatic or Manual. If all replicas are Automatic, a restore is not needed.
                When the database is fresh, and never backuped before, a backup is still needed.
            #>

            $backupNeeded = $false
            $restoreNeeded = $false

            foreach ( $availabilityGroupReplica in $secondaryReplicas )
            {
                if ( $availabilityGroupReplica.SeedingMode -eq 'Manual')
                {
                    $backupNeeded = $true
                    $restoreNeeded = $true
                }
            }

            if ( $backupNeeded -eq $false)
            {
                <#
                    Because an availability group can only be made when the database has at least one backup,
                    if there is no backup, create one. This backup is not needed for restore, only the initial setup
                    of the LSN in the database is needed
                #>

                if ( $primaryServerObject.Databases[$databaseToAddToAvailabilityGroup].CreateDate -gt $primaryServerObject.Databases[$databaseToAddToAvailabilityGroup].LastBackupDate)
                {
                    $needsBackup = $true
                }
            }

            if ( $prerequisiteCheckFailures.Count -eq 0 )
            {
                if ( $backupNeeded)
                {
                    $databaseFullBackupFile = Join-Path -Path $BackupPath -ChildPath "$($databaseObject.Name)_Full_$(Get-Date -Format 'yyyyMMddhhmmss').bak"
                    $databaseLogBackupFile = Join-Path -Path $BackupPath -ChildPath "$($databaseObject.Name)_Log_$(Get-Date -Format 'yyyyMMddhhmmss').trn"

                    # Build the backup parameters. If no backup was previously taken, a standard full will be taken. Otherwise a CopyOnly backup will be taken.
                    $backupSqlDatabaseParameters = @{
                        DatabaseObject = $databaseObject
                        BackupAction   = 'Database'
                        BackupFile     = $databaseFullBackupFile
                        ErrorAction    = 'Stop'
                    }

                    # If database object last backup data not equal to 0 then backup with CopyOnly.
                    if ( $databaseObject.LastBackupDate -ne 0 )
                    {
                        $backupSqlDatabaseParameters.Add('CopyOnly', $true)
                    }

                    try
                    {
                        Backup-SqlDatabase @backupSqlDatabaseParameters
                    }
                    catch
                    {
                        # Log the failure
                        $databasesToAddFailures.Add($databaseToAddToAvailabilityGroup, $_.Exception)

                        # Move on to the next database
                        continue
                    }

                    # Create the parameters to perform a transaction log backup
                    $backupSqlDatabaseLogParams = @{
                        DatabaseObject = $databaseObject
                        BackupAction   = 'Log'
                        BackupFile     = $databaseLogBackupFile
                        ErrorAction    = 'Stop'
                    }

                    try
                    {
                        Backup-SqlDatabase @backupSqlDatabaseLogParams
                    }
                    catch
                    {
                        # Log the failure
                        $databasesToAddFailures.Add($databaseToAddToAvailabilityGroup, $_.Exception)

                        # Move on to the next database
                        continue
                    }
                }

                # Add the database to the availability group on the primary instance
                try
                {
                    Add-SqlAvailabilityDatabase -InputObject $availabilityGroup -Database $databaseToAddToAvailabilityGroup
                }
                catch
                {
                    # Log the failure
                    $databasesToAddFailures.Add($databaseToAddToAvailabilityGroup, $_.Exception)

                    # Move on to the next database
                    continue
                }

                if ( $restoreNeeded)
                {
                    # Need to restore the database with a query in order to impersonate the correct login
                    $restoreDatabaseQueryStringBuilder = New-Object -TypeName System.Text.StringBuilder

                    if ( $MatchDatabaseOwner )
                    {
                        $restoreDatabaseQueryStringBuilder.Append('EXECUTE AS LOGIN = ''') | Out-Null
                        $restoreDatabaseQueryStringBuilder.Append($databaseObject.Owner) | Out-Null
                        $restoreDatabaseQueryStringBuilder.AppendLine('''') | Out-Null
                    }

                    $restoreDatabaseQueryStringBuilder.Append('RESTORE DATABASE [') | Out-Null
                    $restoreDatabaseQueryStringBuilder.Append($databaseToAddToAvailabilityGroup) | Out-Null
                    $restoreDatabaseQueryStringBuilder.AppendLine(']') | Out-Null
                    $restoreDatabaseQueryStringBuilder.Append('FROM DISK = ''') | Out-Null
                    $restoreDatabaseQueryStringBuilder.Append($databaseFullBackupFile) | Out-Null
                    $restoreDatabaseQueryStringBuilder.AppendLine('''') | Out-Null
                    $restoreDatabaseQueryStringBuilder.Append('WITH NORECOVERY') | Out-Null

                    if ( $ReplaceExisting )
                    {
                        $restoreDatabaseQueryStringBuilder.Append(',REPLACE') | Out-Null
                    }

                    if ( $MatchDatabaseOwner )
                    {
                        $restoreDatabaseQueryStringBuilder.AppendLine() | Out-Null
                        $restoreDatabaseQueryStringBuilder.Append('REVERT') | Out-Null
                    }
                    $restoreDatabaseQueryString = $restoreDatabaseQueryStringBuilder.ToString()

                    # Need to restore the database with a query in order to impersonate the correct login
                    $restoreLogQueryStringBuilder = New-Object -TypeName System.Text.StringBuilder

                    if ( $MatchDatabaseOwner )
                    {
                        $restoreLogQueryStringBuilder.Append('EXECUTE AS LOGIN = ''') | Out-Null
                        $restoreLogQueryStringBuilder.Append($databaseObject.Owner) | Out-Null
                        $restoreLogQueryStringBuilder.AppendLine('''') | Out-Null
                    }

                    $restoreLogQueryStringBuilder.Append('RESTORE DATABASE [') | Out-Null
                    $restoreLogQueryStringBuilder.Append($databaseToAddToAvailabilityGroup) | Out-Null
                    $restoreLogQueryStringBuilder.AppendLine(']') | Out-Null
                    $restoreLogQueryStringBuilder.Append('FROM DISK = ''') | Out-Null
                    $restoreLogQueryStringBuilder.Append($databaseLogBackupFile) | Out-Null
                    $restoreLogQueryStringBuilder.AppendLine('''') | Out-Null
                    $restoreLogQueryStringBuilder.Append('WITH NORECOVERY') | Out-Null

                    if ( $MatchDatabaseOwner )
                    {
                        $restoreLogQueryStringBuilder.AppendLine() | Out-Null
                        $restoreLogQueryStringBuilder.Append('REVERT') | Out-Null
                    }

                    $restoreLogQueryString = $restoreLogQueryStringBuilder.ToString()
                }

                try
                {
                    foreach ( $availabilityGroupReplica in $secondaryReplicas )
                    {
                        # Connect to the replica
                        $connectSqlParameters = Split-FullSqlInstanceName -FullSqlInstanceName $availabilityGroupReplica.Name
                        $currentAvailabilityGroupReplicaServerObject = Connect-SQL @connectSqlParameters
                        $currentReplicaAvailabilityGroupObject = $currentAvailabilityGroupReplicaServerObject.AvailabilityGroups[$AvailabilityGroupName]

                        if ( $availabilityGroupReplica.SeedingMode -eq 'MANUAL')
                        {
                            # Restore the database
                            Invoke-Query -ServerName $currentAvailabilityGroupReplicaServerObject.NetName -InstanceName $currentAvailabilityGroupReplicaServerObject.ServiceName -Database master -Query $restoreDatabaseQueryString -StatementTimeout 0
                            Invoke-Query -ServerName $currentAvailabilityGroupReplicaServerObject.NetName -InstanceName $currentAvailabilityGroupReplicaServerObject.ServiceName -Database master -Query $restoreLogQueryString -StatementTimeout 0
                        }

                        # Add the database to the Availability Group
                        Add-SqlAvailabilityDatabase -InputObject $currentReplicaAvailabilityGroupObject -Database $databaseToAddToAvailabilityGroup
                    }
                }
                catch
                {
                    # Log the failure
                    $databasesToAddFailures.Add($databaseToAddToAvailabilityGroup, $_.Exception)

                    # Move on to the next database
                    continue
                }
                finally
                {
                    # When a backup was made, it should be removed.
                    if ( $backupNeeded)
                    {
                        # Clean up the backup files
                        Remove-Item -Path $databaseFullBackupFile, $databaseLogBackupFile -Force -ErrorAction Continue
                    }
                }
            }
            else
            {
                $databasesToAddFailures.Add($databaseToAddToAvailabilityGroup, "The following prerequisite checks failed: $( $prerequisiteCheckFailures -join "`r`n" )" )
            }
        }
    }

    if ($databasesToRemoveFromAvailabilityGroup.Count -gt 0)
    {
        Write-Verbose -Message ($script:localizedData.RemovingDatabasesToAvailabilityGroup -f $AvailabilityGroupName, ( $databasesToRemoveFromAvailabilityGroup -join ', ' ))

        foreach ($databaseNameToRemove in $databasesToRemoveFromAvailabilityGroup)
        {
            $availabilityDatabase = $primaryServerObject.AvailabilityGroups[$AvailabilityGroupName].AvailabilityDatabases[$databaseNameToRemove]

            try
            {
                Remove-SqlAvailabilityDatabase -InputObject $availabilityDatabase -ErrorAction 'Stop'
            }
            catch
            {
                $databasesToRemoveFailures.Add($databaseNameToRemove, 'Failed to remove the database from the availability group.')
            }
        }
    }

    # Combine the failures into one error message and throw it here. Doing this will allow all the databases that can be processes to be processed and will still show that applying the configuration failed
    if ( ( $databasesToAddFailures.Count -gt 0 ) -or ( $databasesToRemoveFailures.Count -gt 0 ) )
    {
        $formatArgs = @()
        foreach ( $failure in ( $databasesToAddFailures.GetEnumerator() + $databasesToRemoveFailures.GetEnumerator() ) )
        {
            $formatArgs += "The operation on the database '$($failure.Key)' failed with the following errors: $($failure.Value -join "`r`n")"
        }

        throw ($script:localizedData.AlterAvailabilityGroupDatabaseMembershipFailure -f $formatArgs )
    }
}

<#
    .SYNOPSIS
        Tests the database membership of the specified Availability Group.
 
    .PARAMETER DatabaseName
        The name of the database(s) to add to the availability group. This accepts wildcards.
 
    .PARAMETER ServerName
        Hostname of the SQL Server where the primary replica of the availability group lives. If the
        availability group is not currently on this server, the resource will attempt to connect to the
        server where the primary replica lives.
 
    .PARAMETER InstanceName
        Name of the SQL instance where the primary replica of the availability group lives. If the
        availability group is not currently on this instance, the resource will attempt to connect to
        the instance where the primary replica lives.
 
    .PARAMETER AvailabilityGroupName
        The name of the availability group in which to manage the database membership(s).
 
    .PARAMETER BackupPath
        The path used to seed the availability group replicas. This should be a path that is accessible
        by all of the replicas.
 
    .PARAMETER Ensure
        Specifies the membership of the database(s) in the availability group. The options are:
 
            - Present: The defined database(s) are added to the availability group. All other
                        databases that may be a member of the availability group are ignored.
            - Absent: The defined database(s) are removed from the availability group. All other
                        databases that may be a member of the availability group are ignored.
 
        The default is 'Present'.
 
    .PARAMETER Force
        When used with "Ensure = 'Present'" it ensures the specified database(s) are the only databases
        that are a member of the specified Availability Group.
 
        This parameter is ignored when 'Ensure' is 'Absent'.
 
    .PARAMETER MatchDatabaseOwner
        If set to $true, this ensures the database owner of the database on the primary replica is the
        owner of the database on all secondary replicas. This requires the database owner is available
        as a login on all replicas and that the PsDscRunAsCredential has impersonate any login, control
        server, impersonate login, or control login permissions.
 
        If set to $false, the owner of the database will be the PsDscRunAsCredential.
 
        The default is '$false'.
 
    .PARAMETER ReplaceExisting
        If set to $true, this adds the restore option WITH REPLACE.
        If set to $false, Existing databases and files will block the restore and throw error.
        The default is '$false'.
 
    .PARAMETER ProcessOnlyOnActiveNode
        Specifies that the resource will only determine if a change is needed if the target node is the active host of the SQL Server Instance.
#>

function Test-TargetResource
{
    [CmdletBinding()]
    [OutputType([System.Boolean])]
    param
    (
        [Parameter(Mandatory = $true)]
        [System.String[]]
        $DatabaseName,

        [Parameter(Mandatory = $true)]
        [System.String]
        $ServerName,

        [Parameter(Mandatory = $true)]
        [System.String]
        $InstanceName,

        [Parameter(Mandatory = $true)]
        [System.String]
        $AvailabilityGroupName,

        [Parameter(Mandatory = $true)]
        [System.String]
        $BackupPath,

        [Parameter()]
        [ValidateSet('Present', 'Absent')]
        [System.String]
        $Ensure = 'Present',

        [Parameter()]
        [System.Boolean]
        $Force,

        [Parameter()]
        [System.Boolean]
        $MatchDatabaseOwner,

        [Parameter()]
        [System.Boolean]
        $ReplaceExisting,

        [Parameter()]
        [System.Boolean]
        $ProcessOnlyOnActiveNode
    )

    $configurationInDesiredState = $true

    $getTargetResourceParameters = @{
        DatabaseName          = $DatabaseName
        ServerName            = $ServerName
        InstanceName          = $InstanceName
        AvailabilityGroupName = $AvailabilityGroupName
        BackupPath            = $BackupPath
    }
    $currentConfiguration = Get-TargetResource @getTargetResourceParameters

    <#
        If this is supposed to process only the active node, and this is not the
        active node, don't bother evaluating the test.
    #>

    if ( $ProcessOnlyOnActiveNode -and -not $currentConfiguration.IsActiveNode )
    {
        Write-Verbose -Message ( $script:localizedData.NotActiveNode -f (Get-ComputerName), $InstanceName )
        return $configurationInDesiredState
    }

    # Connect to the defined instance
    $serverObject = Connect-SQL -ServerName $ServerName -InstanceName $InstanceName

    # Get the Availability Group if it exists
    if ( -not [System.String]::IsNullOrEmpty($currentConfiguration.AvailabilityGroupName) )
    {
        $availabilityGroup = $serverObject.AvailabilityGroups[$AvailabilityGroupName]

        # Make sure we're communicating with the primary replica in order to make changes to the replica
        $primaryServerObject = Get-PrimaryReplicaServerObject -ServerObject $serverObject -AvailabilityGroup $availabilityGroup

        $matchingDatabaseNames = Get-MatchingDatabaseNames -DatabaseName $DatabaseName -ServerObject $primaryServerObject
        $databasesNotFoundOnTheInstance = @()

        if ( ( $Ensure -eq 'Present' ) -and $matchingDatabaseNames.Count -eq 0 )
        {
            $configurationInDesiredState = $false
            Write-Verbose -Message ($script:localizedData.DatabasesNotFound -f ($DatabaseName -join ', '))
        }
        else
        {
            $databasesNotFoundOnTheInstance = Get-DatabaseNamesNotFoundOnTheInstance -DatabaseName $DatabaseName -MatchingDatabaseNames $matchingDatabaseNames

            # If the databases specified are not present on the instance and the desired state is not Absent
            if ( ( $databasesNotFoundOnTheInstance.Count -gt 0 ) -and ( $Ensure -ne 'Absent' ) )
            {
                $configurationInDesiredState = $false
                Write-Verbose -Message ($script:localizedData.DatabasesNotFound -f ( $databasesNotFoundOnTheInstance -join ', ' ))
            }

            $getDatabasesToAddToAvailabilityGroupParameters = @{
                DatabaseName      = $DatabaseName
                Ensure            = $Ensure
                ServerObject      = $primaryServerObject
                AvailabilityGroup = $availabilityGroup
            }
            $databasesToAddToAvailabilityGroup = Get-DatabasesToAddToAvailabilityGroup @getDatabasesToAddToAvailabilityGroupParameters

            if ( $databasesToAddToAvailabilityGroup.Count -gt 0 )
            {
                $configurationInDesiredState = $false
                Write-Verbose -Message ($script:localizedData.DatabaseShouldBeMember -f $AvailabilityGroupName, ( $databasesToAddToAvailabilityGroup -join ', ' ))
            }

            $getDatabasesToRemoveFromAvailabilityGroupParameters = @{
                DatabaseName      = $DatabaseName
                Ensure            = $Ensure
                Force             = $Force
                ServerObject      = $primaryServerObject
                AvailabilityGroup = $availabilityGroup
            }
            $databasesToRemoveFromAvailabilityGroup = Get-DatabasesToRemoveFromAvailabilityGroup @getDatabasesToRemoveFromAvailabilityGroupParameters

            if ( $databasesToRemoveFromAvailabilityGroup.Count -gt 0 )
            {
                $configurationInDesiredState = $false
                Write-Verbose -Message ($script:localizedData.DatabaseShouldNotBeMember -f $AvailabilityGroupName, ( $databasesToRemoveFromAvailabilityGroup -join ', ' ))
            }
        }
    }
    else
    {
        $configurationInDesiredState = $false
        Write-Verbose -Message ($script:localizedData.AvailabilityGroupDoesNotExist -f ($DatabaseName -join ', '))
    }

    return $configurationInDesiredState
}

<#
    .SYNOPSIS
        Get the databases that should be members of the Availability Group.
 
    .PARAMETER DatabaseName
        The name of the database(s) to add to the availability group. This accepts wildcards.
 
    .PARAMETER Ensure
        Specifies the membership of the database(s) in the availability group. The options are:
 
            - Present: The defined database(s) are added to the availability group. All other
                        databases that may be a member of the availability group are ignored.
            - Absent: The defined database(s) are removed from the availability group. All other
                        databases that may be a member of the availability group are ignored.
 
    .PARAMETER ServerObject
        The server object the databases should be in.
 
    .PARAMETER AvailabilityGroup
        The availability group object the databases should be a member of.
#>

function Get-DatabasesToAddToAvailabilityGroup
{
    [CmdletBinding()]
    param
    (
        [Parameter()]
        [System.String[]]
        $DatabaseName,

        [Parameter(Mandatory = $true)]
        [System.String]
        $Ensure,

        [Parameter(Mandatory = $true)]
        [Microsoft.SqlServer.Management.Smo.Server]
        $ServerObject,

        [Parameter(Mandatory = $true)]
        [Microsoft.SqlServer.Management.Smo.AvailabilityGroup]
        $AvailabilityGroup
    )

    $matchingDatabaseNames = Get-MatchingDatabaseNames -DatabaseName $DatabaseName -ServerObject $ServerObject

    # This is a hack to allow Compare-Object to work on an empty object
    if ( $null -eq $matchingDatabaseNames )
    {
        $MatchingDatabaseNames = @('')
    }

    $databasesInAvailabilityGroup = $AvailabilityGroup.AvailabilityDatabases | Select-Object -ExpandProperty Name

    # This is a hack to allow Compare-Object to work on an empty object
    if ( $null -eq $databasesInAvailabilityGroup )
    {
        $databasesInAvailabilityGroup = @('')
    }

    $comparisonResult = Compare-Object -ReferenceObject $matchingDatabaseNames -DifferenceObject $databasesInAvailabilityGroup
    $databasesToAddToAvailabilityGroup = @()

    if ( $Ensure -eq 'Present' )
    {
        $databasesToAddToAvailabilityGroup = $comparisonResult | Where-Object -FilterScript { $_.SideIndicator -eq '<=' } | Select-Object -ExpandProperty InputObject
    }

    return $databasesToAddToAvailabilityGroup
}

<#
    .SYNOPSIS
        Get the databases that should not be members of the Availability Group.
 
    .PARAMETER DatabaseName
        The name of the database(s) to add to the availability group. This accepts wildcards.
 
    .PARAMETER Ensure
        Specifies the membership of the database(s) in the availability group. The options are:
 
            - Present: The defined database(s) are added to the availability group. All other
                        databases that may be a member of the availability group are ignored.
            - Absent: The defined database(s) are removed from the availability group. All other
                        databases that may be a member of the availability group are ignored.
 
    .PARAMETER Force
        When used with "Ensure = 'Present'" it ensures the specified database(s) are the only databases
        that are a member of the specified Availability Group.
 
        This parameter is ignored when 'Ensure' is 'Absent'.
 
    .PARAMETER ServerObject
        The server object the databases should not be in.
 
    .PARAMETER AvailabilityGroup
        The availability group object the databases should not be a member of.
#>

function Get-DatabasesToRemoveFromAvailabilityGroup
{
    [CmdletBinding()]
    param
    (
        [Parameter()]
        [System.String[]]
        $DatabaseName,

        [Parameter(Mandatory = $true)]
        [System.String]
        $Ensure,

        [Parameter()]
        [System.Boolean]
        $Force,

        [Parameter(Mandatory = $true)]
        [Microsoft.SqlServer.Management.Smo.Server]
        $ServerObject,

        [Parameter(Mandatory = $true)]
        [Microsoft.SqlServer.Management.Smo.AvailabilityGroup]
        $AvailabilityGroup
    )

    $matchingDatabaseNames = Get-MatchingDatabaseNames -DatabaseName $DatabaseName -ServerObject $ServerObject


    if ( $null -eq $matchingDatabaseNames )
    {
        $MatchingDatabaseNames = @('')
    }

    $databasesInAvailabilityGroup = $AvailabilityGroup.AvailabilityDatabases | Select-Object -ExpandProperty Name

    # This is a hack to allow Compare-Object to work on an empty object
    if ( $null -eq $databasesInAvailabilityGroup )
    {
        $databasesInAvailabilityGroup = @('')
    }

    $comparisonResult = Compare-Object -ReferenceObject $matchingDatabaseNames -DifferenceObject $databasesInAvailabilityGroup -IncludeEqual

    $databasesToRemoveFromAvailabilityGroup = @()

    if ( 'Absent' -eq $Ensure )
    {
        $databasesToRemoveFromAvailabilityGroup = $comparisonResult | Where-Object -FilterScript { '==' -eq $_.SideIndicator } | Select-Object -ExpandProperty InputObject
    }
    elseif ( ( 'Present' -eq $Ensure ) -and ( $Force ) )
    {
        $databasesToRemoveFromAvailabilityGroup = $comparisonResult | Where-Object -FilterScript { '=>' -eq $_.SideIndicator } | Select-Object -ExpandProperty InputObject
    }

    return $databasesToRemoveFromAvailabilityGroup
}

<#
    .SYNOPSIS
        Get the database names that were specified in the configuration that do not exist on the instance.
 
    .PARAMETER DatabaseName
        The name of the database(s) to add to the availability group. This accepts wildcards.
 
    .PARAMETER MatchingDatabaseNames
        All of the databases names that match the supplied names and wildcards.
#>

function Get-MatchingDatabaseNames
{
    [CmdletBinding()]
    param
    (
        [Parameter()]
        [System.String[]]
        $DatabaseName,

        [Parameter(Mandatory = $true)]
        [Microsoft.SqlServer.Management.Smo.Server]
        $ServerObject
    )

    $matchingDatabaseNames = @()

    foreach ( $dbName in $DatabaseName )
    {
        $matchingDatabaseNames += $ServerObject.Databases |
            Where-Object -FilterScript { $_.Name -ilike $dbName } |
            Select-Object -ExpandProperty Name
    }

    return $matchingDatabaseNames
}

<#
    .SYNOPSIS
        Get the database names that were defined in the DatabaseName property but were not found on the instance.
 
    .PARAMETER DatabaseName
        The name of the database(s) to add to the availability group. This accepts wildcards.
 
    .PARAMETER MatchingDatabaseNames
        All of the database names that were found on the instance that match the supplied DatabaseName property.
#>

function Get-DatabaseNamesNotFoundOnTheInstance
{
    [CmdletBinding()]
    param
    (
        [Parameter()]
        [System.String[]]
        $DatabaseName,

        [Parameter()]
        [System.String[]]
        $MatchingDatabaseNames
    )

    $databasesNotFoundOnTheInstance = @{}
    foreach ( $dbName in $DatabaseName )
    {
        # Assume the database name was not found
        $databaseToAddToAvailabilityGroupNotFound = $true

        foreach ( $matchingDatabaseName in $matchingDatabaseNames )
        {
            if ( $matchingDatabaseName -like $dbName )
            {
                # If we found the database name, it's not missing
                $databaseToAddToAvailabilityGroupNotFound = $false
            }
        }

        $databasesNotFoundOnTheInstance.Add($dbName, $databaseToAddToAvailabilityGroupNotFound)
    }

    $result = $databasesNotFoundOnTheInstance.GetEnumerator() | Where-Object -FilterScript { $_.Value } | Select-Object -ExpandProperty Key

    return $result
}