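<#
.SYNOPSIS
    Full backup of Microsoft Entra ID and Entra Connect for PROMEDO.
    Unattended execution via the OAuth2 client-credentials grant.

.DESCRIPTION
    Step 1 exports the local Entra Connect (ADSync) server configuration when the
    ADSync module is present on this host; otherwise the step is skipped.
    Step 2 obtains an app-only Microsoft Graph access token, connects with
    Connect-MgGraph and writes users, groups, applications, service principals,
    conditional-access policies, role definitions and devices to JSON files.

    Credentials are read from the environment instead of being stored in this file
    (names below are this script's own convention; set them in the scheduled
    task's environment):
        PROMEDO_TENANT_ID, PROMEDO_CLIENT_ID, PROMEDO_CLIENT_SECRET

.NOTES
    Output goes under C:\Backups\PROMEDO_<timestamp>. The JSON files contain
    directory data (user, group, device and policy objects) and the Entra Connect
    export contains the sync configuration; restrict access to that folder.
#>

$DateStamp        = Get-Date -Format "yyyyMMdd_HHmm"
$BasePath         = "C:\Backups\PROMEDO_$DateStamp"
$EntraConnectPath = "$BasePath\EntraConnect"
$EntraIDPath      = "$BasePath\EntraID"

# Create the directory structure
New-Item -ItemType Directory -Force -Path $EntraConnectPath | Out-Null
New-Item -ItemType Directory -Force -Path $EntraIDPath | Out-Null

Write-Host "Iniciando proceso de respaldo para PROMEDO..." -ForegroundColor Cyan

# ---------------------------------------------------------------------
# 1. ENTRA CONNECT BACKUP (LOCAL)
# ---------------------------------------------------------------------
Write-Host "`n[1/2] Verificando entorno local de Entra Connect..." -ForegroundColor Yellow

if (Get-Module -ListAvailable -Name ADSync) {
    Import-Module ADSync
    try {
        # -ErrorAction Stop: a failed export must reach the catch block instead of
        # being reported as a non-terminating error and then logged as a success.
        Get-ADSyncServerConfiguration -Path $EntraConnectPath -ErrorAction Stop
        Write-Host "✅ Backup de Entra Connect exportado a $EntraConnectPath" -ForegroundColor Green
    } catch {
        Write-Error "❌ Error al exportar Entra Connect: $_"
    }
} else {
    Write-Host "⚠️ Módulo ADSync no encontrado. (Ignorar si no es el servidor de Entra Connect)" -ForegroundColor DarkGray
}

# ---------------------------------------------------------------------
# 2. ENTRA ID BACKUP (CLOUD - UNATTENDED AUTHENTICATION)
# ---------------------------------------------------------------------
Write-Host "`n[2/2] Iniciando extracción de Microsoft Entra ID..." -ForegroundColor Yellow

# Number of object types whose export failed; reported at the end of step 2.
$ExportFailures = 0

try {
    Write-Host "Conectando a Microsoft Graph (autenticación desatendida)..." -ForegroundColor Cyan

    # -----------------------------------------------------------------
    # APPLICATION CREDENTIALS
    # Read from the environment so the client secret is never stored in
    # this script (which tends to get copied next to the backups).
    # -----------------------------------------------------------------
    $TenantId     = $env:PROMEDO_TENANT_ID
    $ClientId     = $env:PROMEDO_CLIENT_ID
    $ClientSecret = $env:PROMEDO_CLIENT_SECRET

    if ([string]::IsNullOrWhiteSpace($TenantId) -or
        [string]::IsNullOrWhiteSpace($ClientId) -or
        [string]::IsNullOrWhiteSpace($ClientSecret)) {
        throw "Faltan credenciales: definir PROMEDO_TENANT_ID, PROMEDO_CLIENT_ID y PROMEDO_CLIENT_SECRET en el entorno."
    }

    $TokenBody = @{
        grant_type    = "client_credentials"
        scope         = "https://graph.microsoft.com/.default"
        client_id     = $ClientId
        client_secret = $ClientSecret
    }

    # Request the token from Microsoft. -ErrorAction Stop makes an HTTP failure
    # (bad secret, wrong tenant, network) land in the catch block below.
    $TokenResponse = Invoke-RestMethod -Method Post `
        -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" `
        -Body $TokenBody -ErrorAction Stop

    if (-not $TokenResponse.access_token) {
        throw "La respuesta del endpoint de token no contiene access_token."
    }

    # Convert to SecureString (required by current Microsoft.Graph versions)
    $SecureToken = ConvertTo-SecureString $TokenResponse.access_token -AsPlainText -Force

    # Connect silently
    Connect-MgGraph -AccessToken $SecureToken -NoWelcome

    # -----------------------------------------------------------------
    # OBJECT EXPORT
    # [ordered] keeps the export (and log) order stable between runs.
    # -ErrorAction Stop turns a failed Graph call into an exception that the
    # per-task catch below handles, so one failing type does not abort the rest
    # and does not silently produce an empty/partial file.
    # -----------------------------------------------------------------
    $ExportTasks = [ordered]@{
        "Users"             = { Get-MgUser -All -ErrorAction Stop }
        "Groups"            = { Get-MgGroup -All -ErrorAction Stop }
        "Apps"              = { Get-MgApplication -All -ErrorAction Stop }
        "ServicePrincipals" = { Get-MgServicePrincipal -All -ErrorAction Stop }
        "CAPolicies"        = { Get-MgIdentityConditionalAccessPolicy -All -ErrorAction Stop }
        "Roles"             = { Get-MgRoleManagementDirectoryRoleDefinition -All -ErrorAction Stop }
        "Devices"           = { Get-MgDevice -All -ErrorAction Stop }
    }

    foreach ($Task in $ExportTasks.GetEnumerator()) {
        $Name   = $Task.Key
        $Action = $Task.Value
        Write-Host "📥 Exportando $Name..."
        try {
            $Data = & $Action
            if ($Data) {
                # NOTE: -Depth 5 truncates deeper nested properties (ConvertTo-Json warns
                # when it does); raise it if that warning shows up in the run log.
                $Data | ConvertTo-Json -Depth 5 -Compress | Out-File "$EntraIDPath\$Name.json" -Encoding UTF8
            } else {
                Write-Host " └ Ningún dato encontrado para $Name." -ForegroundColor DarkGray
            }
        } catch {
            $ExportFailures++
            Write-Error "❌ Error al exportar ${Name}: $_"
        }
    }

    if ($ExportFailures -gt 0) {
        Write-Warning "Backup de Entra ID finalizado con $ExportFailures exportación(es) fallida(s)."
    } else {
        Write-Host "✅ Backup de Entra ID finalizado exitosamente." -ForegroundColor Green
    }
} catch {
    Write-Error "❌ Ocurrió un error en la extracción: $_"
} finally {
    # Drop plaintext secret and token copies from the session on every exit path
    Remove-Variable -Name ClientSecret, TokenBody, TokenResponse, SecureToken -ErrorAction SilentlyContinue

    # Disconnect-MgGraph errors when there is no session (e.g. the token request
    # failed before Connect-MgGraph ran), so only disconnect if one exists.
    if (Get-MgContext) {
        Write-Host "Desconectando sesión..." -ForegroundColor Cyan
        Disconnect-MgGraph
    }
}

Write-Host "`n📁 Respaldo de PROMEDO completado. Ruta: $BasePath" -ForegroundColor Green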