Solved

OIDs in Windows 2000 Active Directory

Posted on 2003-10-27
4
917 Views
Last Modified: 2008-05-30
Hi,

I have a question regarding the OID's (Object Identifiers)
of software applications that are used within Windows 2000
(with Active Directory) versus other Windows OS's (i.e.
W2k Professional without Active Directory).

I have a VB application that sends messages to the event
viewer and those messages are then trapped (by evntwin)
and sent via SNMP to our company's SNMP manager.  What
I've noticed is that when I configure a VB application in
W2K Professional, the OID's come out:

1.3.6.1.4.1.311.1.13.1.9.69.79.68.66.107.105.109.111.118

But when I configure the same app in Windows 2000 Active
(with Active Directory) the OID's come out:

1.3.9.69.79.68.66.107.105.109.111.118

The last 10 numbers of both strings match up, but the
first couple of numbers are not matching at all.

I believe the issue is around how Microsoft issues OID's
for active directory s/w & h/w vs. non-active directory
s/w & h/w.

Can anybody confirm this or has any experience around this
issue?

Thanks in advance
Aashish
.

0
Comment
Question by:ashu_ca
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 24

Expert Comment

by:shivsa
ID: 9628600
May be thin kinl help u.

http://www.windowsitlibrary.com/Content/716/06/6.html
-------
Object Identifier (OID)
In addition to the attributes that assure uniqueness of a particular object, Active Directory needs a way to assure that objects of the same class all come from the same Schema object. This is done by assigning a unique Object Identifier, or Object Identifier (OID) to each object in the Schema naming context. ISO defines the structure and distribution of OIDs in ISO/IEC 8824:1990, "Information Technology—Open Systems Interconnection—Specification of Abstract Syntax Notation One (ASN. 1)."

ASN.1 provides a mechanism for standards bodies in various countries to enumerate standard data items so that they do not conflict with one other. ASN.1 governs more than just directory services classes and attributes. For example, OIDs are used extensively in SNMP to build hierarchies of Management Information Base (MIB) numbers. They are also assigned to many items associated with the Internet. If you’re interested in the list of organizations that assign OID numbers and their hierarchy, it is available at ftp.isi.edu/in-notes/iana/assignments/enterprise-numbers.

If you ever need to create a new attribute or object class in Active Directory, you must have a unique OID. There are a couple of ways to get one. The first is to apply to ANSI for your own numerical series. This costs a few thousand dollars and takes a while to process. The other is to use the OIDGEN utility from the Resource Kit. This will generate a Class and an Attribute OID out of Microsoft’s address space. The disadvantage to using OIDGEN is that the resultant number is very, very, very long. Here is an example:
C:\>oidgen
Attribute Base OID:
1. 2. 840. 113556. 1. 4. 7000. 233. 180672. 443844. 62. 26102. 2020485. 1873967. 207938
Class Base OID:
1. 2. 840. 113556. 1. 5. 7000. 111. 180672. 443844. 62. 199519. 642990. 1996505. 1182366
0
 

Author Comment

by:ashu_ca
ID: 9628683
Thanks for the comment shivsa, but I knew most of the information above.

I still can't figure out why the OID's are different between the two operating systems - anybody have any answers?

Aashish
0
 
LVL 24

Accepted Solution

by:
shivsa earned 125 total points
ID: 9629061
http://www.microsoft.com/msj/0100/activedir/activedir.aspx

To optimize performance, OIDs are maintained in a separated state as a prefix and a suffix. The prefix is the entire OID minus the rightmost (low-order) value. AD stores the prefixes in a table so that it can reference them by an index value. AD then uses the remaining (low-order) part of the OID and the index value for its prefix to identify the classes and attributes. Grouping all your OIDs under common roots keeps the prefix table small. Excessive growth in the prefix table can degrade the performance of the Win2K server hosting AD.
0
 

Author Comment

by:ashu_ca
ID: 9630678
Thanks. That explains why on the surface I see only the low-order OID's.  I guess there would be no way to turn off this prefixing, but I would imagine it is an engrained feature in AD.

Aashish
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question