WirFixenAlles/Boilerplates
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
main
Boilerplates/Windows/BackupGPO.md
admManuel 3e8fa614ac Update Windows/BackupGPO.md
2024-03-02 16:37:32 +00:00

3.3 KiB
Raw Permalink Blame History

Method 1 - use a SMB - Networkshare as the backuptarget

$limit = (Get-Date).AddDays(-30)
$path = "\\NETWORKSHARE"

# Delete files older than the $limit.
Get-ChildItem -Path $path -Recurse -Force | Where-Object { !$_.PSIsContainer -and $_.CreationTime -lt $limit } | Remove-Item -Force

# Delete any empty directories left behind after deleting the old files.
Get-ChildItem -Path $path -Recurse -Force | Where-Object { $_.PSIsContainer -and (Get-ChildItem -Path $_.FullName -Recurse -Force | Where-Object { !$_.PSIsContainer }) -eq $null } | Remove-Item -Force -Recurse

Backup-GPO -All -path $path -Comment "Backup done from SERVERNAME"

Method 2 - use a SFTP Server as the backuptarget

You have to keep in mind that you need script to autodelete old backups on the target. Maybe a cronjob for that part with the particular script would be a nice idea ;)

To get the fingerprint of your hosts host_key file run this command and paste it behind the variable $sftpfingerprint

ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key

Script on DomainController

# documentation for winscp can be found here: https://winscp.net/eng/docs/library_powershell
# prior to get this up and running you need ".NET assembly/COM library" from here https://winscp.net/eng/downloads.php

$path = "C:\backup\gpos" #path for temporary storing all files
$temp = "C:\backup\gpos_$(Get-Date -Format 'yyyyMMdd-HHmmss').zip" #path for the zip file in 24h format
$sftpserver = "FQDN or IP"
$sftpuser = "sftpusername"
$sftpkeypath = "C:\Scripts\backupGPOs\privatekeyfile.ppk" #authentication with ppk file (password is possible as well, take a look at documentation)
$sftpfingerprint = "ssh-rsa 3072 aX....." #replace it with the value of the command from the host above
$winscppath = "C:\Scripts\backupGPOs\WinSCPnet.dll" #file from the zip you have downloaded before
$destinantion = "/backups/gpos/" #target on the SFTP Server

Backup-GPO -All -path $path -Comment "Backup done from DC-01"

# Load WinSCP .NET assembly
Add-Type -Path $winscppath

# zip backup
$compress = @{
  Path = $path
  CompressionLevel = "Fastest"
  DestinationPath = $temp
}
Compress-Archive @compress

# Setup session options
$sessionOptions = New-Object WinSCP.SessionOptions -Property @{
    Protocol = [WinSCP.Protocol]::Sftp
    HostName = $sftpserver
    UserName = $sftpuser
    SshHostKeyFingerprint = $sftpfingerprint
    SshPrivateKeyPath = $sftpkeypath
}

$session = New-Object WinSCP.Session

try
{
    # Connect
    $session.Open($sessionOptions)

    # Upload
    $session.PutFiles($temp, $destinantion).Check()
}
finally
{
    # Disconnect, clean up
    $session.Dispose()
}

# Delete files older than the $limit.
Get-ChildItem -Path $path -Recurse -Force | Where-Object { !$_.PSIsContainer } | Remove-Item -Force

# Delete any empty directories left behind after deleting the old files.
Get-ChildItem -Path $path -Recurse -Force | Where-Object { $_.PSIsContainer -and (Get-ChildItem -Path $_.FullName -Recurse -Force | Where-Object { !$_.PSIsContainer }) -eq $null } | Remove-Item -Force -Recurse

Remove-Item -Path $temp -Force

possible command for the cronjob on the linux system

You can run this without the -delete and you will see affected files by the filter.

# -mtime +10 => older than 10 days
find /backup/gpos -mtime +10 -type f -delete
Reference in New Issue View Git Blame Copy Permalink