Object Identifier (Active Directory)

Definition of Object Identifier in Network Encyclopedia.

What is an Object Identifier?

An object identifier (OID) is a globally unique identifier for an object’s class in Active Directory. An object identifier for an attribute remains unchanged even when the distinguished name of the object is modified because of system configuration changes.

Object identifiers ensure that when Active Directory is integrated with other directory systems such as Novell Directory Services (NDS), X.500, or Simple Network Management Protocol (SNMP), no conflicts occur between them. Each class of object in Active Directory has a unique object identifier that is externally assigned by an issuing authority.

In the United States, the issuing authority is the American National Standards Institute (ANSI). The International Organization for Standardization (ISO) maintains a list of the world’s issuing authorities. An object’s attributes also require unique object identifiers.

Obtaining an Object Identifier from Microsoft

If you want to create new classes of objects or new attributes in Active Directory using Active Directory Schema Manager, you must obtain an object identifier for your organization.

An example of an object identifier for a U.S. company is 1.2.840.105670, where 1.2.840 is assigned to U.S. companies and 105670 is the number assigned to the specific company. Once your company has an object identifier, you can extend it by appending dotted decimal portions. So if 1.2.840.105670 represents Northwind Traders, 1.2.840.105670.27 might represent the Sales division, 1.2.840.105670.33 might represent the Support division, and so on. Further levels of subdivision are also possible.
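The arc structure described above, as an added example (not code from the original page or from Microsoft): it parses dotted-decimal OIDs, checks arc by arc that a proposed OID falls below the organization's root, and refuses duplicate assignments. `OidRegistry` and its methods are hypothetical names; the OIDs are the page's Northwind Traders examples.

```python
import re

ORG_ROOT = "1.2.840.105670"  # the page's example root (Northwind Traders)

def parse_oid(text):
    """Return the OID as a tuple of integer arcs; raise ValueError if malformed."""
    parts = text.split(".")
    # Each arc is a decimal number without sign, spaces or leading zeros.
    if len(parts) < 2 or not all(re.fullmatch(r"0|[1-9][0-9]*", p) for p in parts):
        raise ValueError(f"malformed OID: {text!r}")
    arcs = tuple(int(p) for p in parts)
    # First arc is 0, 1 or 2; below 0 and 1 the second arc is limited to 0..39.
    if arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"invalid leading arcs: {text!r}")
    return arcs

def is_under(oid, root):
    """True if oid lies strictly below root, compared arc by arc (not as text)."""
    o, r = parse_oid(oid), parse_oid(root)
    return len(o) > len(r) and o[:len(r)] == r

class OidRegistry:
    """Hypothetical allocation record for OIDs below one organizational root."""

    def __init__(self, root):
        self.root = parse_oid(root)
        self.assigned = {}  # arcs tuple -> description

    def register(self, oid, description):
        arcs = parse_oid(oid)
        if not (len(arcs) > len(self.root) and arcs[:len(self.root)] == self.root):
            raise ValueError(f"{oid} is outside the organization's root")
        if arcs in self.assigned:
            raise ValueError(f"{oid} is already assigned to {self.assigned[arcs]!r}")
        self.assigned[arcs] = description
        return oid

    def next_child(self, parent, description):
        """Allocate one past the highest arc used directly below parent."""
        p = parse_oid(parent)
        used = [a[len(p)] for a in self.assigned if len(a) == len(p) + 1 and a[:len(p)] == p]
        return self.register(f"{parent}.{max(used, default=0) + 1}", description)

def demo():
    reg = OidRegistry(ORG_ROOT)
    reg.register("1.2.840.105670.27", "Sales division")
    reg.register("1.2.840.105670.33", "Support division")
    return reg.next_child(ORG_ROOT, "new division"), reg.next_child("1.2.840.105670.27", "Sales attribute")
```

Comparing arcs rather than strings matters: the constructed OID `1.2.840.1056700.27` begins with the text `1.2.840.105670` but belongs to a different organization's arc.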

To extend the Active Directory schema successfully, you can obtain a root OID from a script available at https://go.microsoft.com/fwlink/p/?linkid=2014651. The OIDs generated by the script are unique; they are mapped from a unique GUID. Please read the best practices carefully, as poorly handled OIDs can result in data loss.