Generate an Object Identifier

Generates an object identifier (OID) using a GUID and the OID prefix 1.2.840.113556.1.8000.2554. This script contributed by Omar Sinno of Microsoft.

 
 
 
 
 
4 Star
(32)
Add to favorites
Active Directory
8/26/2009
E-mail Twitter del.icio.us Digg Facebook
Sign in to ask a question


  • Script
    1 Posts | Last post September 15, 2017
    • Can this script be run in powershell?
  • Does this run on 2016?
    2 Posts | Last post August 30, 2017
    • oid.vbs(20, 9) Microsoft VBScript compilation error: Invalid character
    • I found the PS version which is working.  Thanks!
  • Can you use the OID for AD CA?
    4 Posts | Last post August 07, 2017
    • I am setting up a root CA and I need an OID without paying $$.  Can I use the OIDs generated for the CAPolicy.inf file?
      
      I also noticed that each time I generate an OID it is different.  Which one should I use the last one I got or can I use any of them?
      
      Am I supposed to generate an OID on the domain controller or the root CA?
      
      Thanks in advance.
    • I will answer my own question, since I do not have months to wait for a reply.  I went ahead and used the OID that was generated as the OID for the certificate field - it all worked.
    • hello  
      
      to generate an OID on the domain controller or the root CA? Which is the right answer??
      
    • Hi.. I am in process of setting two tier CA.. can you please let me know the steps to be followed using this script....
  • While i run this script...it will extend the Schema of my domain?
    1 Posts | Last post August 07, 2017
    • While i run this script...it will extend the Schema of my domain?  or do i need to perform anything else using this OID...
      
      As per my understanding once i run this command .. it will extend the schema and provide my root ID example 1.1.1.1 ... which i will use in ROOT CApolicy.inf and when i install sub CA i use 1.1.1.2 in Sub CApolicy.inf .... am i right?
  • pls help me
    2 Posts | Last post October 18, 2016
    • how can we copy this code into dc machine and paste it?
      
      how can generate oid in dc2 machine which is connected to acme.com
    • Open cmd prompt. Navigate to the folder where the vbs file is (say c:\Temp and your file name is OID.vbs). use cscript.exe to execute the file. by default it uses wscript.exe.
      
      ===========================
      C:\Temp>cscript.exe Oid.vbs
      Microsoft (R) Windows Script Host Version 5.8
      Copyright (C) Microsoft Corporation. All rights reserved.
      
      Your root OID is:
      1.2.840.113556.1.8000.2554.19655.56552.19464.62523.42086.5516042.16055126
      ==============================
      
      
       
      
  • This script works on WIndows 8.
    1 Posts | Last post August 27, 2013
    • Not a question, but this script works on Windows 8, so I wanted to add a note here so you can update the description and compatibility chart if you wish.
  • What to do with OID?
    1 Posts | Last post January 09, 2013
    • Hi,
      
      I would like to create a new custom attribute in my schema.
      I get this OID when I run it in my DC1 machine.
      What should I do with this ?
      
      "Your root OID is:
      1.2.840.113556.1.8000.2554.39809.6638.40713.20287.45174.2482085.12653064
      This prefix should be used to name your schema attributes and classes."
      
      Help me proceed.
  • More info on OIDs
    1 Posts | Last post January 04, 2013
    • Please see this QA on OIDs http://security.stackexchange.com/a/26518/396 
      
  • Problem with OID string too long when importing to AD LDS
    1 Posts | Last post May 16, 2012
    • I tried to use this 1.2.840.113556.1.8000.2554.7134​.36657.16816.19594.35608.10326545.8140000 which was generated from the script (or a C# version of it) and if I try to import to AD LDS using ldifde it fails with an attribute conversion error. If I truncate the number to 1.2.840.113556.1.8000.2554.7.1 it works. So it must be the number that is the issue. 
      Is there some limitation with AD LDS or something I'm missing?
      
      BTW Here is the C# 
      private string DoOIDCalc()
          {
            string oidPrefix;
            string guidString = Guid.NewGuid().ToString();
            long[] guidParts = new long[7];
            //The Microsoft OID Prefix used for the automated OID Generator 
            oidPrefix = "1.2.840.113556.1.8000.2554"; 
            // Split GUID into 6 hexadecimal numbers 
            guidParts[0] = Int64.Parse(guidString.Substring(0, 4).Trim(),NumberStyles.AllowHexSpecifier); 
            guidParts[1] = Int64.Parse(guidString.Substring( 4, 4).Trim(),NumberStyles.AllowHexSpecifier); 
            guidParts[2] = Int64.Parse(guidString.Substring( 9, 4).Trim(),NumberStyles.AllowHexSpecifier); 
            guidParts[3] = Int64.Parse(guidString.Substring( 14, 4).Trim(),NumberStyles.AllowHexSpecifier); 
            guidParts[4] = Int64.Parse(guidString.Substring( 19, 4).Trim(),NumberStyles.AllowHexSpecifier); 
            guidParts[5] = Int64.Parse(guidString.Substring( 24, 6).Trim(),NumberStyles.AllowHexSpecifier);
            guidParts[6] = Int64.Parse(guidString.Substring(30, 6).Trim(), NumberStyles.AllowHexSpecifier);
            return string.Format("{0}.{1}​.{2}.{3}.{4}.{5}.{6}.{7}", oidPrefix, guidParts[0], guidParts[1], guidParts[2], guidParts[3], guidParts[4], guidParts[5], guidParts[6]);    
          }
  • Copy/pastable OID
    4 Posts | Last post March 12, 2012
    • A variant of the script that enables the new OID to be copy/pasted would be helpful. (Not that it takes more than 2 minutes to modify it so, but still...)
    • Do you want to take a crack at writing it? I agree that it would be worth it, especially if a lot of people are using this script.
    • just run it from a cmd prompt using "cscript oidgen.vbs"
      Then you can copy the output
    • Plain equivalent in Powershell...
      #---
      $Prefix="1.2.840.113556.1.8000.2554"
      $GUID=[System.Guid]::NewGuid().ToString()
      $Parts=@()
      $Parts+=[UInt64]::Parse($guid.SubString(0,4),"AllowHexSpecifier")
      $Parts+=[UInt64]::Parse($guid.SubString(4,4),"AllowHexSpecifier")
      $Parts+=[UInt64]::Parse($guid.SubString(9,4),"AllowHexSpecifier")
      $Parts+=[UInt64]::Parse($guid.SubString(14,4),"AllowHexSpecifier")
      $Parts+=[UInt64]::Parse($guid.SubString(19,4),"AllowHexSpecifier")
      $Parts+=[UInt64]::Parse($guid.SubString(24,6),"AllowHexSpecifier")
      $Parts+=[UInt64]::Parse($guid.SubString(30,6),"AllowHexSpecifier")
      $OID=[String]::Format("{0}.{1}.{2}.{3}.{4}.{5}.{6}.{7}",$prefix,$Parts[0],$Parts[1],$Parts[2],$Parts[3],$Parts[4],$Parts[5],$Parts[6])
      $oid
      #---