Schema Object Identifiers OIDs

see also:Schema Object Identifiers OIDs

Every object in Active Directory has required and optional attributes. The required attributes includes the Object Identifier ( OID ). The idea is analogous to internet addresses but instead of defining networks and subnets, the OIDs are used to define object classes and attributes. Unlike TCP/IP addresses there is no limitation to the length of the dotted notation. Like IP networks, there are multiple registrars to get your own OID. OIDs are owned by corporations, for example, Microsoft's OID is 1.3.6.1.4.1.311. To make some sense of the OID:

• 1.3.6.1.4.1 - IANA-registered Private Enterprises
• 1.3.6.1.4 - Internet Private
• 1.3.6.1 - OID assignments from 1.3.6.1 - Internet OID root for the Internet
• 1.3.6 - US Department of Defense
• 1.3 - ISO Identified Organization
• 1 - ISO assigned OIDs

If you do a search for Microsoft, part of what you find will be:

• 1.2.840.113556.1.4.1302 - Microsoft OID used with DEN Attributes
• 1.2.840.113556.1.4 - Microsoft OID used with DEN
• 1.2.840.113556.1 - Microsoft OID used with DEN
• 1.2.840.113556.3.10.1 - Microsoft MAPI TNEF
• 1.2.840.113556.3.10.2 - Microsoft MAPI Attachment - generic mapi attachment
• 1.2.840.113556.3.10 - Microsoft MAPI OIDs
• 1.2.840.113556.3 - Microsoft OIDs (MAPI?)
• 1.2.840.113556.4.2 - Microsoft Word
• 1.2.840.113556.4.3 - Microsoft Excel
• 1.2.840.113556.4.5 - Microsoft PowerPoint
• 1.2.840.113556.4.6 - Microsoft Works
• 1.2.840.113556.4 - Microsoft file formats
• 1.2.840.113556.5.1 - Microsoft Exchange
• 1.2.840.113556 - Microsoft
• 1.2.840 - USA
• 1.3.6.1.4.1.311.10.3.3 - Microsoft Server Gated Crypto (msSGC)
• 1.3.6.1.4.1.311 - Microsoft
• 2.23.42.9.33 - id-set-Microsoft
• 2.23.42.9 - SET Vendors

The top levels are

• 0 - ITU-T assigned
• 1 - ISO assigned
• 2 - Joint ISO/ITU-T assignment

You can do searches (again analogous to internet domain names). Individuals as well as organizations can get their own registered OID. But getting back to Active Directory, the schema will contain definitions of all object classes including the OID. Expect vendors to start registering their own object classes as OIDs. If your organizations has internal development projects, you should get an OID for your organization (if you do not already have one - many corporations already do) and use it to manage whatever objects you need to define to AD schema. Like domain names, get a reqistered name, that OID, to avoid object clashes. Everything defined under your OID is unique and under your control. You can have as many sublevels as your development environment requires.

If you are not sick of OIDs by now, for more information that you ever wanted to know about OIDs, or if you want to search the OID dbs, see the OID Web page.