# exportDomain.ps1 - Exécuter sur Windows 2022 AD
# Script complet d'exportation vers format YAML
# Installer le module PowerShell-Yaml si nécessaire
# Install-Module powershell-yaml -Force
# Fonction pour convertir en YAML
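function ConvertTo-Yaml {
  <#
  .SYNOPSIS
  Converts an object graph to YAML text by round-tripping it through JSON.
  .DESCRIPTION
  Thin wrapper around the powershell-yaml module's ConvertTo-Yaml command. The
  JSON round trip (-Depth 10) turns AD property collections into plain objects
  before serialization.
  The module command is called with a module-qualified name: a script function
  takes precedence over a module command of the same name, so an unqualified
  "ConvertTo-Yaml" inside this body would call this function again and recurse
  until the call depth is exhausted.
  .PARAMETER InputObject
  The object graph to serialize.
  .OUTPUTS
  System.String - YAML text produced by the powershell-yaml module.
  #>
  param($InputObject)
  return ConvertTo-Json $InputObject -Depth 10 | ConvertFrom-Json | powershell-yaml\ConvertTo-Yaml
}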
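Write-Host "=== Début de l'extraction Active Directory ==="
# ===== DOMAIN EXTRACTION =====
# Domain identity and FSMO role holders. DomainSID is what lets the SIDs in the
# user/computer/group exports be mapped to the source domain during migration.
Write-Host "1. Extraction des informations de domaine..."
$Domain = Get-ADDomain
# $Domain.Forest is only the forest's DNS name. The forest functional level is a
# property of the forest object, so it is queried separately; the original
# 'ForestMode' key was being filled with the forest name.
$Forest = Get-ADForest
$DomainData = @{
  'DomainSID' = $Domain.DomainSID.Value
  'DomainName' = $Domain.Name
  'DNSRoot' = $Domain.DNSRoot
  'NetBIOSName' = $Domain.NetBIOSName
  'DomainMode' = $Domain.DomainMode.ToString()
  # Forest DNS name kept under its own key so the value is not lost.
  'ForestName' = $Domain.Forest
  'ForestMode' = $Forest.ForestMode.ToString()
  'PDCEmulator' = $Domain.PDCEmulator
  'RIDMaster' = $Domain.RIDMaster
  'InfrastructureMaster' = $Domain.InfrastructureMaster
}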
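# ===== USER EXTRACTION =====
Write-Host "2. Extraction des utilisateurs..."
# -Properties * fetches every attribute of every user in one query; only the
# attributes listed below are kept in the export.
$Users = Get-ADUser -Filter * -Properties *
# Built-in accounts are skipped: they already exist on the destination domain
# and must not be recreated there. The match is on SamAccountName only.
$ExcludedUsers = '^(Administrator|Guest|krbtgt|DefaultAccount|WDAGUtilityAccount)$'
# The loop output is collected straight into an array instead of growing
# $UserExport with "+=", which copies the whole array on every iteration.
# @() keeps the result an array when zero or one user is exported.
# NOTE(review): Windows PowerShell 5.1 serializes the DateTime fields below
# (PasswordLastSet, LastLogonDate) as "\/Date(ms)\/" in JSON - confirm the
# importer handles that representation.
$UserExport = @(foreach ($User in $Users) {
  if ($User.SamAccountName -notmatch $ExcludedUsers) {
    @{
      'SamAccountName' = $User.SamAccountName
      'Name' = $User.Name
      'GivenName' = $User.GivenName
      'Surname' = $User.Surname
      'DisplayName' = $User.DisplayName
      'UserPrincipalName' = $User.UserPrincipalName
      'EmailAddress' = $User.EmailAddress
      'Description' = $User.Description
      'Enabled' = $User.Enabled
      'PasswordNeverExpires' = $User.PasswordNeverExpires
      'PasswordLastSet' = $User.PasswordLastSet
      'LastLogonDate' = $User.LastLogonDate
      'SID' = $User.SID.Value
      'DistinguishedName' = $User.DistinguishedName
      'HomeDirectory' = $User.HomeDirectory
      'HomeDrive' = $User.HomeDrive
      'ProfilePath' = $User.ProfilePath
      'ScriptPath' = $User.ScriptPath
      # DNs of the user's direct groups; membership is also exported from the
      # group side in the groups section.
      'MemberOf' = $User.MemberOf
    }
  }
})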
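# ===== COMPUTER EXTRACTION =====
Write-Host "3. Extraction des ordinateurs..."
$Computers = Get-ADComputer -Filter * -Properties *
# Domain controllers are excluded by a name prefix, as in the original rule.
# NOTE(review): this is a naming heuristic and -notmatch is case-insensitive:
# any computer whose name starts with "DC" or "DOMAIN" is dropped, and a DC
# named otherwise is kept. PrimaryGroupID (516 = Domain Controllers,
# 521 = read-only DCs) would identify DCs reliably - confirm with the
# migration owners before changing the rule, as it changes what is exported.
$ExcludedComputers = '^(DC|DOMAIN)'
# Collected directly into an array (see the users section); @() keeps it an
# array for zero or one computer.
$ComputerExport = @(foreach ($Computer in $Computers) {
  if ($Computer.Name -notmatch $ExcludedComputers) {
    @{
      'Name' = $Computer.Name
      'SamAccountName' = $Computer.SamAccountName
      'DNSHostName' = $Computer.DNSHostName
      'Description' = $Computer.Description
      'Enabled' = $Computer.Enabled
      'SID' = $Computer.SID.Value
      'DistinguishedName' = $Computer.DistinguishedName
      'OperatingSystem' = $Computer.OperatingSystem
      'OperatingSystemVersion' = $Computer.OperatingSystemVersion
      'OperatingSystemServicePack' = $Computer.OperatingSystemServicePack
      'LastLogonDate' = $Computer.LastLogonDate
      'PasswordLastSet' = $Computer.PasswordLastSet
      'Location' = $Computer.Location
      'ManagedBy' = $Computer.ManagedBy
    }
  }
})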
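# ===== GROUP EXTRACTION =====
Write-Host "4. Extraction des groupes..."
$Groups = Get-ADGroup -Filter * -Properties *
# Built-in and well-known groups exist on any destination domain and are
# skipped. The list is loop-invariant, so it is built once here instead of
# being re-created on every iteration (the duplicated commented-out copy of
# the list has been dropped).
$SystemGroups = @(
  'Domain Admins', 'Domain Users', 'Domain Guests', 'Domain Computers',
  'Administrators', 'Users', 'Guests', 'Power Users', 'Backup Operators',
  'Replicator', 'Network Configuration Operators', 'Performance Monitor Users',
  'Performance Log Users', 'Distributed COM Users', 'IIS_IUSRS',
  'Cryptographic Operators', 'Event Log Readers', 'Certificate Service DCOM Access',
  'RDS Remote Access Servers', 'RDS Endpoint Servers', 'RDS Management Servers',
  'Hyper-V Administrators', 'Access Control Assistance Operators',
  'Remote Management Users', 'Storage Replica Administrators',
  'Schema Admins', 'Enterprise Admins', 'Cert Publishers', 'Domain Controllers',
  'Group Policy Creator Owners', 'RAS and IAS Servers', 'Server Operators',
  'Account Operators', 'Print Operators', 'Pre-Windows 2000 Compatible Access',
  'Incoming Forest Trust Builders', 'Windows Authorization Access Group',
  'Terminal Server License Servers', 'DHCP Users', 'DHCP Administrators',
  'DnsAdmins', 'DnsUpdateProxy', 'WINS Users', 'IIS_WPG',
  'Denied RODC Password Replication Group', 'Allowed RODC Password Replication Group',
  'Enterprise Read-only Domain Controllers', 'Read-only Domain Controllers',
  'Cloneable Domain Controllers', 'Protected Users', 'Key Admins',
  'Enterprise Key Admins'
)
# Collected directly into an array (see the users section); @() keeps it an
# array for zero or one group.
$GroupExport = @(foreach ($Group in $Groups) {
  # Groups whose SamAccountName ends with '$' are skipped as well.
  if ($Group.Name -notin $SystemGroups -and $Group.SamAccountName -notmatch '\$$') {
    # Membership lookup. A failure (unresolvable member, size limit, access
    # denied) used to be silenced and produced an empty member list that is
    # indistinguishable from a genuinely empty group; it is now reported and
    # the group is still exported with no members.
    # NOTE(review): -Recursive flattens nested membership. If the import must
    # recreate group nesting, direct members (no -Recursive) may be what is
    # wanted - confirm with the importer.
    $Members = @()
    try {
      $Members = @(Get-ADGroupMember -Identity $Group -Recursive -ErrorAction Stop)
    } catch {
      Write-Warning "Membres non lus pour le groupe '$($Group.Name)' : $($_.Exception.Message)"
    }
    $MemberList = @(foreach ($Member in $Members) {
      @{
        'Name' = $Member.Name
        'SamAccountName' = $Member.SamAccountName
        'ObjectClass' = $Member.ObjectClass
        'DistinguishedName' = $Member.DistinguishedName
      }
    })
    @{
      'Name' = $Group.Name
      'SamAccountName' = $Group.SamAccountName
      'Description' = $Group.Description
      'GroupCategory' = $Group.GroupCategory.ToString()
      'GroupScope' = $Group.GroupScope.ToString()
      'SID' = $Group.SID.Value
      'DistinguishedName' = $Group.DistinguishedName
      'ManagedBy' = $Group.ManagedBy
      'Members' = $MemberList
      'MemberOf' = $Group.MemberOf
    }
  }
})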
# ===== DATA CONSOLIDATION =====
Write-Host "5. Consolidation des donnees..."
# Per-collection counts, stored next to the data so a consumer can detect a
# truncated or partially written export.
$Statistics = @{
  'TotalUsers' = $UserExport.Count
  'TotalComputers' = $ComputerExport.Count
  'TotalGroups' = $GroupExport.Count
}
# One document bundling the domain identity, the three collections and the
# export metadata (timestamp plus the account that ran the export).
$ConsolidatedData = @{}
$ConsolidatedData['ExportDate'] = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
$ConsolidatedData['ExportedBy'] = $env:USERNAME
$ConsolidatedData['Domain'] = $DomainData
$ConsolidatedData['Users'] = $UserExport
$ConsolidatedData['Computers'] = $ComputerExport
$ConsolidatedData['Groups'] = $GroupExport
$ConsolidatedData['Statistics'] = $Statistics
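# ===== EXPORT TO FILES =====
Write-Host "6. Export vers fichiers..."
# Output location, hard-coded previously; kept as a single variable so every
# path and summary line below agrees with it.
# Everything written here is a complete enumeration of the domain (SIDs, group
# memberships, home/profile/script paths): treat the directory as sensitive,
# restrict its ACL to the migration operators and remove it once the import is
# done. NOTE(review): a freshly created C:\temp inherits its ACL from C:\ -
# confirm the effective permissions on the host that runs this.
$OutputDir = "C:\temp"
$CompleteFile = Join-Path $OutputDir "ad_export_complete.json"
$UsersFile = Join-Path $OutputDir "users_export.json"
$ComputersFile = Join-Path $OutputDir "computers_export.json"
$GroupsFile = Join-Path $OutputDir "groups_export.json"
if (!(Test-Path $OutputDir)) {
  # Out-Null: New-Item otherwise echoes the DirectoryInfo object to the console.
  New-Item -ItemType Directory -Path $OutputDir -Force | Out-Null
}
# The exports are JSON only; no YAML file is written by this script.
# -InputObject with @() keeps each top-level JSON value an array even for an
# empty or single-element collection: piping a one-element array into
# ConvertTo-Json serializes the element alone, and piping an empty array
# writes an empty file instead of "[]".
# NOTE(review): -Encoding UTF8 emits a byte-order mark under Windows
# PowerShell 5.1 - confirm the importer tolerates a BOM.
ConvertTo-Json -InputObject $ConsolidatedData -Depth 20 | Out-File -FilePath $CompleteFile -Encoding UTF8
# Individual exports kept for consumers that read one collection at a time.
ConvertTo-Json -InputObject @($UserExport) -Depth 5 | Out-File -FilePath $UsersFile -Encoding UTF8
ConvertTo-Json -InputObject @($ComputerExport) -Depth 5 | Out-File -FilePath $ComputersFile -Encoding UTF8
ConvertTo-Json -InputObject @($GroupExport) -Depth 5 | Out-File -FilePath $GroupsFile -Encoding UTF8
Write-Host ""
Write-Host "=== Resume ==="
Write-Host "Utilisateurs exportes : $($UserExport.Count)"
Write-Host "Ordinateurs exportes : $($ComputerExport.Count)"
Write-Host "Groupes exportes : $($GroupExport.Count)"
Write-Host "SID de domaine : $($DomainData.DomainSID)"
Write-Host ""
Write-Host "Fichiers generes :"
# The summary used to advertise a ".yaml (ou .json)" file that is never
# written; it now lists the files actually produced.
Write-Host "- $CompleteFile"
Write-Host "- $UsersFile"
Write-Host "- $ComputersFile"
Write-Host "- $GroupsFile"
Write-Host ""
Write-Host "Extraction terminee avec succes "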