Free Webinar - Is Your PKI Healthy? The Essential Guide to Comprehensive Assessments! Sign up here

PowerShell PKI Module Documentation

Documentation Home

Register-ObjectIdentifier

Synopsis

Registers new object identifier (OID) either on a local machine, or in Active Directory.

Syntax

Register-ObjectIdentifier [-FriendlyName] <String> [-Value] <String> [-OidGroup] <String> {ApplicationPolicy | IssuancePolicy}  [[-CPSLocation] <Uri>] [[-LocaleId] <CultureInfo>] [-UseActiveDirectory] [-Force] [-WhatIf] [-Confirm] [<CommonParameters>]

Description

Registers new object identifier (OID) either on a local machine, or in Active Directory. The command supports OID registration in the following OID groups: ApplicationPolicy (as known as Enhanced Key Usage) or IssuancePolicy (as known as Certificate Policy).

It is possible to register the same OID within both OID groups on the local machine. In an Active Directory, multiple OID group registrations are not allowed. Therefore a particular OID value can be registered only within a single OID group.

Before registering an OID, a company should acquire a delegated OID tree, which is called to OID arc. There are two OID registrars:
1) IANA — https://pen.iana.org/pen/PenApplication.page
2) ISO — https://www.iso.org

In order the command to succeed the caller must be granted with:
1) local administrator permissions — if an OID is registered locally.
2) Enterprise Admins permissions, or delegated Write permissions on OID container in Active Directory, if 'UseActiveDirectory' switch is enabled.

OID container in Active Directory is located under: CN=Public Key Services, CN=Services, <Configuration Naming Context>.

Parameters

-FriendlyName <String>

Specifies a friendly name for the OID to be registered. The name should be up to few words long. For example, when you register a custom certificate policy, then friendly name can be 'Company's smart card policy'.

Required? True
Position? 0
Default value
Accept pipeline input? false
Accept wildcard characters? False

-Value <String>

Specifies a value of the OID to be registered. The value must be a dot-numerical string, for example: 1.2.3.45.678.9.

Required? True
Position? 1
Default value
Accept pipeline input? false
Accept wildcard characters? False

-OidGroup <String>

Specifies the OID group in which specified OID is registered. Possible values are: 'ApplicationPolicy' or 'IssuancePolicy'. It is possible to register particular OID in each OID group.

Required? True
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? False

-CPSLocation <Uri>

Specifies the location to a document called as Certificate Practice Statement (CPS) which describes the certificate usage policies and rules. This parameter is mandatory if 'OidGroup' is set to 'IssuancePolicy' and 'UseActiveDirectory' switch is enabled. In all other cases, this parameter is ignored.

Required? False
Position? 3
Default value
Accept pipeline input? false
Accept wildcard characters? False

-LocaleId <CultureInfo>

Specifies the locale ID with which is associated specified OID friendly name. This parameter is used only for culture-variant friendly names and has effect only if 'UseActiveDirectory' switch is enabled.

Required? False
Position? 4
Default value
Accept pipeline input? false
Accept wildcard characters? False

-UseActiveDirectory <SwitchParameter>

Indicates whether the specified OID information should be registered in Active Directory, instead of local OID database.

Required? False
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-Force <SwitchParameter>

By default, the script explicitly prompts you whether you want to register an OID with selected values. If you want to implement silent (quiet) installations — specify this parameter to suppress any prompts during OID registration.

Required? False
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-WhatIf <SwitchParameter>

Describes what would happen if you executed the command without actually executing the command.

Required? False
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-Confirm <SwitchParameter>

Prompts you for confirmation before executing the command.

Required? False
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

System.String

Outputs

SysadminsLV.PKI.Cryptography.Oid2

Notes

Examples

Example 1

PS C:\> Register-ObjectIdentifier -FriendlyName "Remote Desktop Authentication" -Value "1.3.6.1.4.1.311.54.1.2" -OidGroup ApplicationPolicy

Registers an OID value '1.3.6.1.4.1.311.54.1.2' and display name 'Remote Desktop Authentication' as application policy (enhanced key usage) in a local OID database.

Example 2

PS C:\> Register-ObjectIdentifier -FriendlyName "Remote Desktop Authentication" -Value "1.3.6.1.4.1.311.54.1.2" -OidGroup ApplicationPolicy -UseActiveDirectory

Registers an OID value '1.3.6.1.4.1.311.54.1.2' and display name 'Remote Desktop Authentication' as application policy (enhanced key usage) in a Active Directory. After next group policy propagation, OID registration will be available for all members in the current Active Directory forest.

Example 3

PS C:\> Register-ObjectIdentifier -FriendlyName "Contoso Pharmaceuticals smart card policy" -Value "1.3.6.1.4.1.311.999.2" -OidGroup IssuancePolicy -CPSLocation "http://www.contoso.com/cps/documents/scpolicy.pdf" -UseActiveDirectory

Registers an OID value '1.3.6.1.4.1.99999.1.2' and display name 'Contoso Pharmaceuticals smart card policy' as issuance policy (certificate policy) in a Active Directory. After next group policy propagation, OID registration will be available for all members in the current Active Directory forest.

Related links

Get-ObjectIdentifier
Get-ObjectIdentifierEx
Unregister-ObjectIdentifier

Minimum PowerShell version support

  • Windows PowerShell 3.0

Operating System Support

  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows 10
  • Windows 11
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions
  • Windows Server 2016 all editions
  • Windows Server 2019 all editions
  • Windows Server 2022 all editions