[CmdletBinding()]
param (
        [switch]
        $IncludeInProgress
)
    
begin {
        
}
    
process {
    New-ITDServiceNowSession -Credential $Secret:snow_vmcred -Environment Production
    Connect-ITDvCenter -Credential $Secret:ndgov_svcitdvmvcauto
    
    If($PSBoundParameters.ContainsKey("IncludeInProgress")){
        $Filter = 'short_descriptionSTARTSWITHLockdown mode is disabled on VMware host^state=1^ORstate=2'
    } Else {
        $Filter = 'state=1^short_descriptionSTARTSWITHLockdown Mode is disabled on VMware host'
    }

    $Incidents = Get-ITDServiceNowRecord -ItemType Incident -Filter $Filter | Sort-Object {$_.number.value}
    
    ForEach ($Incident in $Incidents) {
        # reset variables for each loop
        $VMHostName = $null
        $VMHostStatus = $null
        $VMHostStatusCheck = $null
        $NoChange = $null

        $VMHostName = $Incident.short_description.display_value.split(' ')[-1]
        
        Write-Verbose -Message ("Start " + $Incident.number.display_value + " for host " + $VMHostName) -Verbose
        # confirm ticket is accurate, that host has lockdown mode disabled
        $VMHostStatus = Get-ITDVMwareVMHostStatus -Name $VMHostName
        
        # if accurate, enable lockdown
        If ($VMHostStatus.LockdownMode -eq 'lockdowndisabled') {
            Write-Verbose -Message ("Lockdown is still disabled on " + $VMHostName + ", enabling lockdown mode") -Verbose
            Enable-ITDVMwareVMHostFeature -Name $VMHostName -LockdownMode
        }
        Else {
            Write-Verbose -Message ("Lockdown is already enabled on " + $VMHostName + ", no change") -Verbose
            $NoChange = $true
        } 
        Start-Sleep -Seconds 5
        
        # confirm lockdown is enabled
        $VMHostStatusCheck = Get-ITDVMwareVMHostStatus -Name $VMHostName

        # update ticket with current status
        If ($VMHostStatusCheck.LockdownMode -eq 'lockdowndisabled') {
            # update work notes if disabled
            Write-Verbose -Message ("Lockdown is still disabled on " + $VMHostName + ", update incident work notes") -Verbose
            $WorkNotesMsg = ("Lockdown is still disabled on " + $VMHostName + " after attempted remediation, manual review required.")
            Update-ITDServiceNowRecord -ItemType Incident -Number $Incident.number.display_value -Values @{
                work_notes = $WorkNotesMsg
                state      = 'On Hold'
            }
        }
        Else {
            # close if enabled
            If ($NoChange) {
                Write-Verbose -Message ("Lockdown was already enabled on " + $VMHostName + ", closing incident") -Verbose
                $close_notes = ("Lockdown was already enabled on " + $VMHostName + " when checked, closing incident")
            }
            Else {
                Write-Verbose -Message ("Lockdown successfully enabled on " + $VMHostName + ", closing incident") -Verbose
                $close_notes = ("Lockdown successfully auto-enabled on " + $VMHostName);
            }
            Write-Verbose -Message ("Lockdown successfully enabled on " + $VMHostName + ", closing incident") -Verbose
            Update-ITDServiceNowRecord -ItemType Incident -Number $Incident.number.display_value -Values @{
                close_code         = 'Solved (Permanently)'
                close_notes        = $close_notes
                u_underlying_cause = 'Configuration';
                state              = 'Closed'
            }
        }
    }

    Disconnect-ITDvCenter
}
    
end {
        
}