Using Generated OIDs

The Microsoft® Windows® 2000 Resource Kit includes a command line utility, OIDGEN.EXE, that generates valid OID's. The OIDs are generated using a base OID from the Microsoft branch of the ISO OID tree, and a Globally Unique Identifier (GUID) generated each time the program is run.

D:\src>oidgen
Attribute Base OID: 1.2.840.113556.1.4.7000.233.2014652.180672.30.178511.21908.1227698.1827074
    Class Base OID: 1.2.840.113556.1.5.7000.111.2014652.180672.30.178511.21908.1227698.1827075

Note that OIDGEN produces two OIDs: an "Attribute Base OID" and a "Class Base OID". Run OIDGEN once for your organization and then manage the OID space beneath these roots. For example, given the generated OIDs above, the OID for your first new object class would be:

1.2.840.113556.1.5.7000.111.2014652.180672.30.178511.21908.1227698.1827075.1

and the OID for your first new attribute would be:

1.2.840.113556.1.4.7000.233.2014652.180672.30.178511.21908.1227698.1827074.1

and so on. Grouping all of the OIDs for your organization under common roots is required. Microsoft Active Directory™ maintains an internal table of OIDs; to optimize performance, OIDs are broken into a "prefix" and "suffix". The prefix is the entire OID minus the rightmost (low-order) value. The prefixes are stored in a table so they can be referenced by an index value. The remaining (low-order) part of OID and the index value for its prefix are then used to identify the classes and attributes. Grouping all of your OIDs under common roots keeps the prefix table small. Excessive growth in the prefix table can hurt performance.