• Carbon Black Cloud Console: All Versions
• Endpoint Standard: All Versions
• Microsoft Windows: All Supported Versions

• The sensor will check on every System Boot, regardless of whether there is a change in persisted metadata or not.
• The sensor will check immediately when:
  • A network change is detected
  • If the sensor is re-registered
  • If the sensor service restarted
• The sensor will check potentially on an 8-hour frequency, depending on if any of the following has changed:
  • Computer name has changed
  • OS Platform type has somehow changed
  • OS Version has changed
  • The distinguished name (Domain) has changed

• The sensor pulls the AD OU name directly from the registry:

#define REG_KEY_GP_MACHINE L"SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine"
#define REG_VAL_DISTINGUISHED_NAME L"Distinguished-Name"

• Whatever the "GetComputerDistinguishedName" is reporting in the confer logs, is what is updated to the cloud.
• If that AD OU name isn't changed/updated in the cloud, and the Sensor is also showing the wrong info inside of "GetComputerDistinguishedName" logs, then it's possible the change hasn't actually taken place on the Device Or at least Active Directory didn't update the expected reg key/value pair.