Generate an Object Identifier

Generates an object identifier (OID) using a GUID and the OID prefix 1.2.840.113556.1.8000.2554. This script contributed by Omar Sinno of Microsoft.

4.1 Star
Add to favorites
Active Directory
E-mail Twitter Digg Facebook
Sign in to ask a question

  • Scary one-liner PowerShell with try/catch included
    2 Posts | Last post December 19, 2018
    • try {@(@("1.2.840.113556.1.8000.2554")+@(@($guid -split (@(4,4,4,4,4,6,6|%{"(.{$_})"}) -join "-*"))[1..7] | % {[UInt64]::Parse($_,"AllowHexSpecifier")})) -join "."} catch {throw "Guid could not be generated, please ensure machine has a network card."}
    • Whoops. Missing Guid object in the first one. 
      try {@(@("1.2.840.113556.1.8000.2554")+@(@([Guid]::NewGuid().Guid -split (@(4,4,4,4,4,6,6|%{"(.{$_})"}) -join "-*"))[1..7] | % {[UInt64]::Parse($_,"AllowHexSpecifier")})) -join "."} catch {throw "Guid could not be generated, please ensure machine has a network card."}
  • Script
    1 Posts | Last post September 15, 2017
    • Can this script be run in powershell?
  • Does this run on 2016?
    2 Posts | Last post August 30, 2017
    • oid.vbs(20, 9) Microsoft VBScript compilation error: Invalid character
    • I found the PS version which is working.  Thanks!
  • Can you use the OID for AD CA?
    4 Posts | Last post August 07, 2017
    • I am setting up a root CA and I need an OID without paying $$.  Can I use the OIDs generated for the CAPolicy.inf file?
      I also noticed that each time I generate an OID it is different.  Which one should I use the last one I got or can I use any of them?
      Am I supposed to generate an OID on the domain controller or the root CA?
      Thanks in advance.
    • I will answer my own question, since I do not have months to wait for a reply.  I went ahead and used the OID that was generated as the OID for the certificate field - it all worked.
    • hello  
      to generate an OID on the domain controller or the root CA? Which is the right answer??
    • Hi.. I am in process of setting two tier CA.. can you please let me know the steps to be followed using this script....
  • While i run this will extend the Schema of my domain?
    1 Posts | Last post August 07, 2017
    • While i run this will extend the Schema of my domain?  or do i need to perform anything else using this OID...
      As per my understanding once i run this command .. it will extend the schema and provide my root ID example ... which i will use in ROOT CApolicy.inf and when i install sub CA i use in Sub CApolicy.inf .... am i right?
  • pls help me
    2 Posts | Last post October 18, 2016
    • how can we copy this code into dc machine and paste it?
      how can generate oid in dc2 machine which is connected to
    • Open cmd prompt. Navigate to the folder where the vbs file is (say c:\Temp and your file name is OID.vbs). use cscript.exe to execute the file. by default it uses wscript.exe.
      C:\Temp>cscript.exe Oid.vbs
      Microsoft (R) Windows Script Host Version 5.8
      Copyright (C) Microsoft Corporation. All rights reserved.
      Your root OID is:
  • This script works on WIndows 8.
    1 Posts | Last post August 27, 2013
    • Not a question, but this script works on Windows 8, so I wanted to add a note here so you can update the description and compatibility chart if you wish.
  • What to do with OID?
    1 Posts | Last post January 09, 2013
    • Hi,
      I would like to create a new custom attribute in my schema.
      I get this OID when I run it in my DC1 machine.
      What should I do with this ?
      "Your root OID is:
      This prefix should be used to name your schema attributes and classes."
      Help me proceed.
  • More info on OIDs
    1 Posts | Last post January 04, 2013
    • Please see this QA on OIDs 
  • Problem with OID string too long when importing to AD LDS
    1 Posts | Last post May 16, 2012
    • I tried to use this 1.2.840.113556.1.8000.2554.7134​.36657.16816.19594.35608.10326545.8140000 which was generated from the script (or a C# version of it) and if I try to import to AD LDS using ldifde it fails with an attribute conversion error. If I truncate the number to 1.2.840.113556.1.8000.2554.7.1 it works. So it must be the number that is the issue. 
      Is there some limitation with AD LDS or something I'm missing?
      BTW Here is the C# 
      private string DoOIDCalc()
            string oidPrefix;
            string guidString = Guid.NewGuid().ToString();
            long[] guidParts = new long[7];
            //The Microsoft OID Prefix used for the automated OID Generator 
            oidPrefix = "1.2.840.113556.1.8000.2554"; 
            // Split GUID into 6 hexadecimal numbers 
            guidParts[0] = Int64.Parse(guidString.Substring(0, 4).Trim(),NumberStyles.AllowHexSpecifier); 
            guidParts[1] = Int64.Parse(guidString.Substring( 4, 4).Trim(),NumberStyles.AllowHexSpecifier); 
            guidParts[2] = Int64.Parse(guidString.Substring( 9, 4).Trim(),NumberStyles.AllowHexSpecifier); 
            guidParts[3] = Int64.Parse(guidString.Substring( 14, 4).Trim(),NumberStyles.AllowHexSpecifier); 
            guidParts[4] = Int64.Parse(guidString.Substring( 19, 4).Trim(),NumberStyles.AllowHexSpecifier); 
            guidParts[5] = Int64.Parse(guidString.Substring( 24, 6).Trim(),NumberStyles.AllowHexSpecifier);
            guidParts[6] = Int64.Parse(guidString.Substring(30, 6).Trim(), NumberStyles.AllowHexSpecifier);
            return string.Format("{0}.{1}​.{2}.{3}.{4}.{5}.{6}.{7}", oidPrefix, guidParts[0], guidParts[1], guidParts[2], guidParts[3], guidParts[4], guidParts[5], guidParts[6]);    
1 - 10 of 11 Items