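# ADOrganizationalUnit.ps1
# Organizational Unit management.
# No dependencies on other AD modules.

function Ensure-ADOU {
    <#
    .SYNOPSIS
        Idempotently creates an OU. Returns $true if created, $false if already exists.
    .DESCRIPTION
        Looks up OU=<Name>,<Path>. Only an "identity not found" lookup result is treated
        as "the OU is absent". Any other lookup failure (for example access denied or an
        unreachable server) is rethrown instead of being read as "missing", so a
        permissions or connectivity problem does not trigger a create attempt.
        The OU is created with -ProtectedFromAccidentalDeletion $true, and creation
        failures are terminating, so [CREATED] is only reported after a successful create.
    .PARAMETER Name
        Name of the OU (the value of its OU= component).
    .PARAMETER Path
        Distinguished name of the container the OU lives under.
    .PARAMETER Description
        Description passed to New-ADOrganizationalUnit. Defaults to an empty string.
    .OUTPUTS
        System.Boolean. $true when the OU was created, $false when it already existed.
    #>
    param(
        [Parameter(Mandatory)] [string]$Name,
        [Parameter(Mandatory)] [string]$Path,
        [string]$Description = ''
    )

    # NOTE(review): $Name is placed into the DN string as-is. A name containing
    # DN-special characters (a comma, for instance) would make this lookup address a
    # different DN than the one New-ADOrganizationalUnit presumably builds from
    # -Name/-Path. Confirm callers only pass plain names, or escape the value here.
    $dn = "OU=$Name,$Path"

    try {
        Get-ADOrganizationalUnit -Identity $dn -ErrorAction Stop | Out-Null
        Write-Host " [OK] OU exists: $Name" -ForegroundColor Green
        return $false
    }
    catch {
        # Compare by type name rather than a typed catch clause, so the function does
        # not depend on the ActiveDirectory types being loaded before it runs.
        if ($_.Exception.GetType().FullName -ne 'Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException') {
            throw
        }
    }

    # Reached only when the lookup reported "not found".
    New-ADOrganizationalUnit -Name $Name -Path $Path -Description $Description -ProtectedFromAccidentalDeletion $true -ErrorAction Stop
    Write-Host " [CREATED] OU: $Name ($dn)" -ForegroundColor Yellow
    return $true
}

function Compare-ADOU {
    <#
    .SYNOPSIS
        Checks if an OU exists. Returns a diff object if missing.
    .DESCRIPTION
        Looks up OU=<Name>,<Path>. Returns $null when the OU is found and a diff object
        when the lookup reports "identity not found". Any other lookup failure (for
        example access denied or an unreachable server) is rethrown, so the comparison
        never reports an OU as Missing merely because the directory could not be read.
    .PARAMETER Name
        Name of the OU (the value of its OU= component).
    .PARAMETER Path
        Distinguished name of the container the OU lives under.
    .OUTPUTS
        $null when the OU exists; otherwise a PSCustomObject with Type = 'OU',
        Name = <Name> and Status = 'Missing'.
    #>
    param(
        [Parameter(Mandatory)] [string]$Name,
        [Parameter(Mandatory)] [string]$Path
    )

    # NOTE(review): $Name is interpolated unescaped; see the same note in Ensure-ADOU's
    # sibling lookup. Confirm callers only pass plain names.
    $dn = "OU=$Name,$Path"

    try {
        Get-ADOrganizationalUnit -Identity $dn -ErrorAction Stop | Out-Null
        Write-Host " [OK] OU exists: $Name" -ForegroundColor Green
        return $null
    }
    catch {
        # Only a genuine "not found" counts as drift; everything else is a read failure.
        if ($_.Exception.GetType().FullName -ne 'Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException') {
            throw
        }
    }

    Write-Host " [MISSING] OU: $Name ($dn)" -ForegroundColor Red
    return [PSCustomObject]@{ Type = 'OU'; Name = $Name; Status = 'Missing' }
}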