PowerShell PKI Module Documentation
Documentation HomeUnregister-ObjectIdentifier
Synopsis
Unregisters object identifier (OID) information from local computer, Active Directory or both sources.
Syntax
Unregister-ObjectIdentifier [-Value] <Oid> [[-OidGroup] <OidGroup>] [-UseActiveDirectory] [-Force] [-WhatIf] [-Confirm] [<CommonParameters>]
Description
Unregisters object identifier (OID) information from local computer, Active Directory or both sources. Additionally, the command accepts pipeline input from the following commands: Get-ObjectIdentifier and Get-ObjectIdentifierEx.
In order the command to succeed the caller must be granted with:
1) local administrator permissions — if an OID is registered locally.
2) Enterprise Admins permissions, or delegated Write permissions on OID container in Active Directory, if 'UseActiveDirectory' switch is set to 'true'.
OID container in Active Directory is located under: CN=Public Key Services, CN=Services, <Configuration Naming Context>.
Note: you need to restart application to reflect changes, because OIDs are cached within a process.
Parameters
-UseActiveDirectory <SwitchParameter>
Specifies whether to perform registration removal from Active Directory too.
| Required? | False |
| Position? | named |
| Default value | |
| Accept pipeline input? | False |
| Accept wildcard characters? | True |
-Force <SwitchParameter>
By default, the script explicitly prompts you whether you want to remove OID registration with selected values. If you want to implement silent (quiet) installations — specify this parameter to suppress any prompts during OID registration removal.
| Required? | False |
| Position? | named |
| Default value | |
| Accept pipeline input? | False |
| Accept wildcard characters? | False |
-WhatIf <SwitchParameter>
Describes what would happen if you executed the command without actually executing the command.
| Required? | False |
| Position? | named |
| Default value | |
| Accept pipeline input? | False |
| Accept wildcard characters? | False |
-Confirm <SwitchParameter>
Prompts you for confirmation before executing the command.
| Required? | False |
| Position? | named |
| Default value | |
| Accept pipeline input? | False |
| Accept wildcard characters? | False |
-Value <Oid>
Specifies an OID friendly name, value or SysadminsLV.PKI.Cryptography.Oid2 object that contains information about OID to unregister. Only specified instance is unregistered. By default, the command attempts to unregister specified OID information from local machine only. In order to unregister OID information in Active Directory, use 'UseActiveDirectory' switch.
| Required? | True |
| Position? | 0 |
| Default value | |
| Accept pipeline input? | True |
| Accept wildcard characters? | False |
-OidGroup <OidGroup>
Specifies the OID group to unregister the OID from. By default, all OID registrations that match OID value will be removed.
| Required? | False |
| Position? | 1 |
| Default value | All |
| Accept pipeline input? | False |
| Accept wildcard characters? | False |
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216)
Inputs
SysadminsLV.PKI.Cryptography.Oid2
Outputs
None.
Notes
Examples
Example 1
PS C:\> Unregister-ObjectIdentifier -Value "Remote Desktop Authentication" -UseActiveDirectory
Unregisters a custom OID that was previously registered in Active Directory.
Example 2
PS C:\> Get-ObjectIdentifierEx -Value "Company smart card policy" -UseActiveDirectory | Unregister-ObjectIdentifier
Gets information about OID registration with friendly name 'Company smart card policy' and deletes all OID registrations from local system and Active Directory.
Related links
Minimum PowerShell version support
- Windows PowerShell 3.0
Operating System Support
- Windows 7
- Windows 8
- Windows 8.1
- Windows 10
- Windows 11
- Windows Server 2008 R2 all editions
- Windows Server 2012 all editions
- Windows Server 2012 R2 all editions
- Windows Server 2016 all editions
- Windows Server 2019 all editions
- Windows Server 2022 all editions
- Windows Server 2025 all editions