Update AAD cloud sync user details.workbook (#3052)

update targetUPN value

Author: msft-erzhan

Workbooks/Azure Active Directory Provisioning/AAD cloud sync user details/AAD cloud sync user details.workbook

@@ -131,7 +131,7 @@
       "type": 3,
       "content": {
         "version": "KqlItem/1.0",
-        "query": "AADProvisioningLogs\r\n| where TimeGenerated {TimeRange}\r\n|extend JobId = iff(JobId == '', 'Unknown', JobId)\r\n|where JobId in ({JobId}) or '*' in ({JobId})\r\n|extend ResultType = iff(ResultType == '', 'Unknown', ResultType)\r\n|where ResultType in ({Status}) or '*' in ({Status})\r\n|where Action in ('{ActionInfo}') or  '*' in ('{ActionInfo}')\r\n|extend SourceSystem = parse_json(SourceSystem)\r\n|extend TargetSystem = parse_json(TargetSystem)\r\n|extend SourceIdentity = parse_json(SourceIdentity)\r\n|extend TargetIdentity = parse_json(TargetIdentity)\r\n|extend Source = SourceSystem.Name\r\n|extend Target = TargetSystem.Name\r\n|where Source == \"Active Directory\" and Target ==\"Microsoft Entra ID\"\r\n|extend SourceIdentityType = tostring(SourceIdentity.identityType)\r\n|extend TargetIdentityType = tostring(TargetIdentity.identityType)\r\n|extend SourceIdentityId = tostring(SourceIdentity.Id)\r\n|extend TargetIdentityId = tostring(TargetIdentity.Id)\r\n|extend SourceDisplayName = tostring(SourceIdentity.Name)\r\n|extend TargetDisplayName = tostring(TargetIdentity.Name)\r\n|extend TargetUPN = tostring(TargetIdentity.UserPrincipalName)\r\n|where SourceIdentityType in (\"user\") or SourceIdentityType  in (\"group\") or SourceIdentityType in (\"contact\")\r\n|project SourceIdentityId, Action,SourceDisplayName, TargetDisplayName, TargetIdentityId, ResultType, Source, TargetUPN\r\n|distinct SourceDisplayName,SourceIdentityId, TargetDisplayName,TargetUPN, TargetIdentityId, ResultType, Action",
+        "query": "AADProvisioningLogs\r\n| where TimeGenerated {TimeRange}\r\n|extend JobId = iff(JobId == '', 'Unknown', JobId)\r\n|where JobId in ({JobId}) or '*' in ({JobId})\r\n|extend ResultType = iff(ResultType == '', 'Unknown', ResultType)\r\n|where ResultType in ({Status}) or '*' in ({Status})\r\n|where Action in ('{ActionInfo}') or  '*' in ('{ActionInfo}')\r\n|extend SourceSystem = parse_json(SourceSystem)\r\n|extend TargetSystem = parse_json(TargetSystem)\r\n|extend SourceIdentity = parse_json(SourceIdentity)\r\n|extend TargetIdentity = parse_json(TargetIdentity)\r\n|extend Source = SourceSystem.Name\r\n|extend Target = TargetSystem.Name\r\n|where Source == \"Active Directory\" and Target ==\"Microsoft Entra ID\"\r\n|extend SourceIdentityType = tostring(SourceIdentity.identityType)\r\n|extend TargetIdentityType = tostring(TargetIdentity.identityType)\r\n|extend SourceIdentityId = tostring(SourceIdentity.Id)\r\n|extend TargetIdentityId = tostring(TargetIdentity.Id)\r\n|extend SourceDisplayName = tostring(SourceIdentity.Name)\r\n|extend TargetDisplayName = tostring(TargetIdentity.Name)\r\n|extend TargetUPN = tostring(TargetIdentity.details.UserPrincipalName)\r\n|where SourceIdentityType in (\"user\") or SourceIdentityType  in (\"group\") or SourceIdentityType in (\"contact\")\r\n|project SourceIdentityId, Action,SourceDisplayName, TargetDisplayName, TargetIdentityId, ResultType, Source, TargetUPN\r\n|distinct SourceDisplayName,SourceIdentityId, TargetDisplayName,TargetUPN, TargetIdentityId, ResultType, Action",
         "size": 3,
         "timeContext": {
           "durationMs": 5184000000
@@ -212,4 +212,4 @@
     }
   ],
   "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
-}
+}