I am attempting to run a script on one of our internal servers to back up our Entra tenant config using Entra exporter. I customized the solution to use MSAL and an app registration to authenticate to our tenant. I am using the Connect-MgGraph option for Exporter with the following parameters -AccessToken $graphToken. Authentication is confirmed, the backup process starts and permissions reflect what is granted in the App registration. The only problem is that nothing is exported to the file path in the script. After the backup shows completed, nothing is in the folder.
PowerShell Script listed below.
# Create backup folder
New-Item -ItemType Directory -Path "C:\Backup\EntraBackup\$((Get-Date).ToString('yyyy-MM-dd'))"
# Define variables
$backupPath = "C:\Backup\EntraBackup\$((Get-Date).ToString('yyyy-MM-dd'))"
$tenantID = 'tenatyid' # Tenant ID
$clientID = 'clientid' # Application (client) ID
$clientSecret = 'its a secret' # Application (client) secret
# Scopes required for the backup operation (Microsoft Graph API)
$scopes = @('https://graph.microsoft.com/.default')
# Convert the client secret into a secure string and pass to the New-MsalClientApplication
$secureClientSecret = (ConvertTo-SecureString "$clientSecret" -AsPlainText -Force)
# Install the necessary modules if not already installed
Write-Host 'Installing required modules...'
Install-Module -Name MSAL.PS
Install-Module -Name Microsoft.Graph.Authentication
Install-Module -Name EntraExporter
# Create the MSAL Confidential Client Application (Service Principal Authentication)
Write-Host 'Authenticating using Service Principal...'
$msalApp = New-MsalClientApplication -clientId $clientID -clientSecret $secureClientSecret -Authority "https://login.microsoftonline.com/$tenantID"
# Acquire the token for Microsoft Graph API
Write-Host 'Acquiring token for Microsoft Graph API...'
$tokenResponse = Get-MsalToken -clientID $clientID -clientSecret $secureClientSecret -tenantID $tenantID -Scopes $scopes
# Extract the access token from the response
$graphToken = (ConvertTo-SecureString $tokenResponse.AccessToken -AsPlainText -Force)
# Check if the token was retrieved successfully
if (-not $graphToken) {
    Write-Host "Failed to obtain access token. Exiting script."
    exit
}
Write-Host "Successfully authenticated. Access Token acquired."
# Connect to Microsoft Graph using the acquired token
Write-Host 'Connecting to Microsoft Graph...'
Connect-MgGraph -AccessToken $graphToken
# Connect to Entra ID and perform a full export
Write-Host 'Connecting to Entra ID...'
# Start the backup process
Write-Host 'Starting backup...'
Export-Entra -Path 'C:\Backup\EntraBackup\2024-10-21\' -All
Write-Host 'Backup complete...'
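
An added example, not part of the original post: a variant of the script that keeps the client secret out of the script body, exports to the same dated folder it creates rather than a fixed literal path, and stops with an error when the export folder is empty instead of printing a completion message. It assumes Microsoft.Graph.Authentication 2.x (for `-ClientSecretCredential` and `-NoWelcome`), the Microsoft.PowerShell.SecretManagement module with a registered vault, and a hypothetical vault entry named `EntraBackupClientSecret`; the tenant and client IDs are placeholders.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, EntraExporter, Microsoft.PowerShell.SecretManagement
$ErrorActionPreference = 'Stop'   # turn cmdlet errors into terminating errors

$tenantID = '<tenant-id>'         # placeholder
$clientID = '<client-id>'         # placeholder

# Compute the dated folder once and reuse it for creation, export and verification
$backupPath = Join-Path 'C:\Backup\EntraBackup' (Get-Date -Format 'yyyy-MM-dd')
New-Item -ItemType Directory -Path $backupPath -Force | Out-Null

# Assumption: the client secret was stored earlier with Set-Secret under this
# hypothetical name; Get-Secret returns a string secret as a SecureString
$secret     = Get-Secret -Name 'EntraBackupClientSecret'
$credential = [pscredential]::new($clientID, $secret)

# App-only sign-in handled by the Graph SDK itself (no separate MSAL token step)
Connect-MgGraph -TenantId $tenantID -ClientSecretCredential $credential -NoWelcome

# Record which identity and permissions the session actually has
Get-MgContext | Select-Object ClientId, TenantId, AuthType, Scopes | Format-List

Export-Entra -Path $backupPath -All

# Fail the run if the export produced nothing, instead of reporting success
$files = @(Get-ChildItem -Path $backupPath -Recurse -File)
if ($files.Count -eq 0) {
    throw "Export-Entra returned but wrote no files under $backupPath"
}
Write-Host "Exported $($files.Count) files to $backupPath"

Disconnect-MgGraph | Out-Null
```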