Directory Services

Object Identifiers

Object Identifiers (OIDs) are unique numeric values, issued by various "Issuing Authorities" to uniquely identify data elements, syntaxes, and various other parts of distributed applications. OIDs are found in OSI applications, X.500 Directories, SNMP, and other applications where uniqueness is important. OIDs are based on a tree structure, in which a superior issuing authority, such as the ISO, allocates a "branch" of the tree to a subauthority, who in turn can allocate subbranches.

The LDAP protocol (RFC 2251) requires a directory service to identify object classes, attributes, and syntaxes with OIDs. This is part of the LDAP X.500 legacy.

OIDs in Active Directory include some issued by the ISO for X.500 classes and attributes, and some issued by Microsoft and other issuing authorities. OID notation is a dotted string of numbers, for example 1.2.840.113556.1.5.4, which is described in the following table.

Value Description
1 ISO – the "root authority".
2 ANSI – "1.2" issued by ISO.
840 USA – "1.2.840" issued by ANSI.
113556 Microsoft – "1.2.840.113556" issued by USA.
1 Microsoft – Active Directory Service
5 Microsoft – Active Directory Service: Classes
4 Microsoft – Active Directory Service: Classes: Builtin-Domain

For more information, and a discussion of two procedures for obtaining valid OIDs for use in extending the Active Directory schema, see Obtaining an Object Identifier.