OIDs in Windows 2000 Active Directory


I have a question regarding the OID's (Object Identifiers)
of software applications that are used within Windows 2000
(with Active Directory) versus other Windows OS's (i.e.
W2k Professional without Active Directory).

I have a VB application that sends messages to the event
viewer and those messages are then trapped (by evntwin)
and sent via SNMP to our company's SNMP manager.  What
I've noticed is that when I configure a VB application in
W2K Professional, the OID's come out:

But when I configure the same app in Windows 2000 Active
(with Active Directory) the OID's come out:

The last 10 numbers of both strings match up, but the
first couple of numbers are not matching at all.

I believe the issue is around how Microsoft issues OID's
for active directory s/w & h/w vs. non-active directory
s/w & h/w.

Can anybody confirm this or has any experience around this

Thanks in advance

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

May be thin kinl help u.

Object Identifier (OID)
In addition to the attributes that assure uniqueness of a particular object, Active Directory needs a way to assure that objects of the same class all come from the same Schema object. This is done by assigning a unique Object Identifier, or Object Identifier (OID) to each object in the Schema naming context. ISO defines the structure and distribution of OIDs in ISO/IEC 8824:1990, "Information Technology—Open Systems Interconnection—Specification of Abstract Syntax Notation One (ASN. 1)."

ASN.1 provides a mechanism for standards bodies in various countries to enumerate standard data items so that they do not conflict with one other. ASN.1 governs more than just directory services classes and attributes. For example, OIDs are used extensively in SNMP to build hierarchies of Management Information Base (MIB) numbers. They are also assigned to many items associated with the Internet. If you’re interested in the list of organizations that assign OID numbers and their hierarchy, it is available at ftp.isi.edu/in-notes/iana/assignments/enterprise-numbers.

If you ever need to create a new attribute or object class in Active Directory, you must have a unique OID. There are a couple of ways to get one. The first is to apply to ANSI for your own numerical series. This costs a few thousand dollars and takes a while to process. The other is to use the OIDGEN utility from the Resource Kit. This will generate a Class and an Attribute OID out of Microsoft’s address space. The disadvantage to using OIDGEN is that the resultant number is very, very, very long. Here is an example:
Attribute Base OID:
1. 2. 840. 113556. 1. 4. 7000. 233. 180672. 443844. 62. 26102. 2020485. 1873967. 207938
Class Base OID:
1. 2. 840. 113556. 1. 5. 7000. 111. 180672. 443844. 62. 199519. 642990. 1996505. 1182366
ashu_caAuthor Commented:
Thanks for the comment shivsa, but I knew most of the information above.

I still can't figure out why the OID's are different between the two operating systems - anybody have any answers?


To optimize performance, OIDs are maintained in a separated state as a prefix and a suffix. The prefix is the entire OID minus the rightmost (low-order) value. AD stores the prefixes in a table so that it can reference them by an index value. AD then uses the remaining (low-order) part of the OID and the index value for its prefix to identify the classes and attributes. Grouping all your OIDs under common roots keeps the prefix table small. Excessive growth in the prefix table can degrade the performance of the Win2K server hosting AD.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ashu_caAuthor Commented:
Thanks. That explains why on the surface I see only the low-order OID's.  I guess there would be no way to turn off this prefixing, but I would imagine it is an engrained feature in AD.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Operating Systems

From novice to tech pro — start learning today.