

Extending Active Directory Schema -- obtaining OIDs

Posted on 2009-12-16
Medium Priority
Last Modified: 2012-05-08

I am trying to extend my AD schema by adding a few attributes. I understand almost everything I need to do, but the one thing I am stuck on is the "X.500 OID" field when creating the new attribute. I have searched around but have not found much. I found a few sites that say I need to generate or obtain new OIDs in order to create attributes. But as far as I can tell, generating them is not advised, which leaves me to obtaining them. I looked all over Microsoft's site but was unable to find how I can obtain new OIDs. Is this something no one does anymore? Is there an easier way to create attributes in AD? Can I make up new OIDs?

Thanks in advance for the help.
Question by:sdcox

Accepted Solution

Todd Gerbert earned 2000 total points
ID: 26066981
I advise caution extending Active Directory schema; if you're working on something internal to your organization, I recommend attempting to make use of pre-existing fields if possible.

You can get an OID from Microsoft (http://msdn.microsoft.com/en-us/library/ms677621(VS.85).aspx), or check with http://www.ansi.org.

Author Comment

ID: 26071317
Thanks for the response. The only problem is we need to create 8 additional fields and there are not enough existing fields we can convert. Why do you advise against extending the schema?

Expert Comment

by:Todd Gerbert
ID: 26072472
I don't necessarily advise against it, just saying - be careful if you do. It's not the most straightforward thing in the world, and it is irreversible. If you're running Exchange your users should have 15 extensionAttribute fields, which may or may not be of use to you.

Here's a better link for registering an OID: http://pen.iana.org/pen/PenApplication.page
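
The thread notes that schema changes are irreversible and points to registering an enterprise number, so as an added example (not from the thread or from Microsoft), here is one way to validate and allocate attribute OIDs under a registered arc before anything is written to the schema. The `1.1` sub-branch layout, the function names and the attribute names are assumptions; 32473 is the enterprise number IANA reserves for documentation (RFC 5612).

```python
import re

# IANA Private Enterprise Numbers sit under iso.org.dod.internet.private.enterprise.
IANA_ENTERPRISE_ARC = "1.3.6.1.4.1"
_ARC = re.compile(r"(0|[1-9]\d*)")  # decimal arc, no leading zeros


def validate_oid(oid: str) -> tuple[int, ...]:
    """Parse a dotted OID, enforce the root-arc rules, return its arcs as ints."""
    parts = oid.split(".")
    if len(parts) < 2 or not all(_ARC.fullmatch(p) for p in parts):
        raise ValueError(f"malformed OID: {oid!r}")
    arcs = tuple(int(p) for p in parts)
    if arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"invalid root arcs in OID: {oid!r}")
    return arcs


def plan_attribute_oids(pen: int, names: list[str], existing: dict[str, str],
                        branch: tuple[int, ...] = (1, 1)) -> dict[str, str]:
    """Give each new attribute the next free OID under <enterprise>.<pen>.<branch>."""
    if pen <= 0:
        raise ValueError("PEN must be a positive integer assigned by IANA")
    # Assumption: local convention of <pen>.1 = AD schema, <pen>.1.1 = attributes.
    base = validate_oid(IANA_ENTERPRISE_ARC) + (pen,) + branch
    used = set()
    for oid in existing.values():  # existing = your own registry of issued OIDs
        arcs = validate_oid(oid)
        if arcs in used:
            raise ValueError(f"registry already contains duplicate OID {oid}")
        used.add(arcs)
    if len(set(names)) != len(names) or set(names) & set(existing):
        raise ValueError("attribute names must be unique and not already registered")
    # Continue one past the highest leaf already issued directly under base.
    leaves = [a[-1] for a in used if a[:-1] == base]
    next_leaf = max(leaves, default=0) + 1
    plan = {}
    for name in names:
        plan[name] = ".".join(map(str, base + (next_leaf,)))
        next_leaf += 1
    return plan


if __name__ == "__main__":
    # Constructed sample: eight hypothetical attribute names, empty registry.
    names = [f"exampleAttr{i}" for i in range(1, 9)]
    for name, oid in plan_attribute_oids(32473, names, {}).items():
        print(f"{name}: {oid}")
```

Keeping the returned mapping in a version-controlled registry and passing it back as `existing` on the next run prevents the same OID from being issued twice.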
