Extending Active Directory Schema -- obtaining OIDs


I am trying to extend my AD schema by adding a few attributes.  I understand almost everything I need to do, but the one thing I am stuck on is the "X.500 OID" field when creating the new attribute.  I have searched around but have not found much.  I found a few sites that say I need to generate or obtain new OIDs in order to create attributes.  But as far as I can tell generating them is not advised which leaves me to obtaining them.  I looked all over Microsoft's site but was unable to find how I can obtain new OIDs.  Is this something no one does anymore?  Is there an easier way to create attributes in AD?  Can I make up new OIDs?

Thanks in advance for the help.
Who is Participating?
Todd GerbertConnect With a Mentor IT ConsultantCommented:
I advise caution extending Active Directory schema, if you're working on something internal to your organization, I recommend attempting to make use of pre-existing fields if possible.

You can get an OID from Microsoft (http://msdn.microsoft.com/en-us/library/ms677621(VS.85).aspx), or check with http://www.ansi.org.
sdcoxAuthor Commented:
Thanks for the response.  The only problem is we need to create 8 additional fields and there is not enough existing fields we can convert.  Why do you advise against extending the schema?

Todd GerbertIT ConsultantCommented:
I don't necessarily advise against it, just saying - be careful if you do.  It's not the most straight-forward thing in the world, and it is irreversible.  If you're running Exchange your users should have 15 extensionAttribute fields, which may or may not be of use to you.

Here's a better link for registering an OID: http://pen.iana.org/pen/PenApplication.page
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.