Generate an Object Identifier

I am setting up a root CA and I need an OID without paying $$.  Can I use the OIDs generated for the CAPolicy.inf file?

I also noticed that each time I generate an OID it is different.  Which one should I use the last one I got or can I use any of them?

Am I supposed to generate an OID on the domain controller or the root CA?

Thanks in advance.

I will answer my own question, since I do not have months to wait for a reply.  I went ahead and used the OID that was generated as the OID for the certificate field - it all worked.

hello  

to generate an OID on the domain controller or the root CA? Which is the right answer??

how can we copy this code into dc machine and paste it?

how can generate oid in dc2 machine which is connected to acme.com

Open cmd prompt. Navigate to the folder where the vbs file is (say c:\Temp and your file name is OID.vbs). use cscript.exe to execute the file. by default it uses wscript.exe.

===========================
C:\Temp>cscript.exe Oid.vbs
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.

Your root OID is:
1.2.840.113556.1.8000.2554.19655.56552.19464.62523.42086.5516042.16055126
==============================


 

Not a question, but this script works on Windows 8, so I wanted to add a note here so you can update the description and compatibility chart if you wish.

Hi,

I would like to create a new custom attribute in my schema.
I get this OID when I run it in my DC1 machine.
What should I do with this ?

"Your root OID is:
1.2.840.113556.1.8000.2554.39809.6638.40713.20287.45174.2482085.12653064
This prefix should be used to name your schema attributes and classes."

Help me proceed.

Please see this QA on OIDs http://security.stackexchange.com/a/26518/396 

I tried to use this 1.2.840.113556.1.8000.2554.7134​.36657.16816.19594.35608.10326545.8140000 which was generated from the script (or a C# version of it) and if I try to import to AD LDS using ldifde it fails with an attribute conversion error. If I truncate the number to 1.2.840.113556.1.8000.2554.7.1 it works. So it must be the number that is the issue. 
Is there some limitation with AD LDS or something I'm missing?

BTW Here is the C# 
private string DoOIDCalc()
    {
      string oidPrefix;
      string guidString = Guid.NewGuid().ToString();
      long[] guidParts = new long[7];
      //The Microsoft OID Prefix used for the automated OID Generator 
      oidPrefix = "1.2.840.113556.1.8000.2554"; 
      // Split GUID into 6 hexadecimal numbers 
      guidParts[0] = Int64.Parse(guidString.Substring(0, 4).Trim(),NumberStyles.AllowHexSpecifier); 
      guidParts[1] = Int64.Parse(guidString.Substring( 4, 4).Trim(),NumberStyles.AllowHexSpecifier); 
      guidParts[2] = Int64.Parse(guidString.Substring( 9, 4).Trim(),NumberStyles.AllowHexSpecifier); 
      guidParts[3] = Int64.Parse(guidString.Substring( 14, 4).Trim(),NumberStyles.AllowHexSpecifier); 
      guidParts[4] = Int64.Parse(guidString.Substring( 19, 4).Trim(),NumberStyles.AllowHexSpecifier); 
      guidParts[5] = Int64.Parse(guidString.Substring( 24, 6).Trim(),NumberStyles.AllowHexSpecifier);
      guidParts[6] = Int64.Parse(guidString.Substring(30, 6).Trim(), NumberStyles.AllowHexSpecifier);
      return string.Format("{0}.{1}​.{2}.{3}.{4}.{5}.{6}.{7}", oidPrefix, guidParts[0], guidParts[1], guidParts[2], guidParts[3], guidParts[4], guidParts[5], guidParts[6]);    
    }

A variant of the script that enables the new OID to be copy/pasted would be helpful. (Not that it takes more than 2 minutes to modify it so, but still...)

Do you want to take a crack at writing it? I agree that it would be worth it, especially if a lot of people are using this script.

just run it from a cmd prompt using "cscript oidgen.vbs"
Then you can copy the output

Plain equivalent in Powershell...
#---
$Prefix="1.2.840.113556.1.8000.2554"
$GUID=[System.Guid]::NewGuid().ToString()
$Parts=@()
$Parts+=[UInt64]::Parse($guid.SubString(0,4),"AllowHexSpecifier")
$Parts+=[UInt64]::Parse($guid.SubString(4,4),"AllowHexSpecifier")
$Parts+=[UInt64]::Parse($guid.SubString(9,4),"AllowHexSpecifier")
$Parts+=[UInt64]::Parse($guid.SubString(14,4),"AllowHexSpecifier")
$Parts+=[UInt64]::Parse($guid.SubString(19,4),"AllowHexSpecifier")
$Parts+=[UInt64]::Parse($guid.SubString(24,6),"AllowHexSpecifier")
$Parts+=[UInt64]::Parse($guid.SubString(30,6),"AllowHexSpecifier")
$OID=[String]::Format("{0}.{1}.{2}.{3}.{4}.{5}.{6}.{7}",$prefix,$Parts[0],$Parts[1],$Parts[2],$Parts[3],$Parts[4],$Parts[5],$Parts[6])
$oid
#---