PowerShell PKI Module Documentation
Register-ObjectIdentifier
Synopsis
Registers a new object identifier (OID) either on the local machine or in Active Directory.
Syntax
Register-ObjectIdentifier [-FriendlyName] <String> [-Value] <String> [-OidGroup] <String> {ApplicationPolicy | IssuancePolicy} [[-CPSLocation] <Uri>] [[-LocaleId] <CultureInfo>] [-UseActiveDirectory] [-Force] [-WhatIf] [-Confirm] [<CommonParameters>]
Description
Registers a new object identifier (OID) either on the local machine or in Active Directory. The command supports OID registration in the following OID groups: ApplicationPolicy (also known as Enhanced Key Usage) or IssuancePolicy (also known as Certificate Policy).
It is possible to register the same OID within both OID groups on the local machine. In Active Directory, multiple OID group registrations are not allowed, so a particular OID value can be registered only within a single OID group.
Before registering an OID, a company should acquire a delegated OID tree, which is called an OID arc. There are two OID registrars:
1) IANA — https://pen.iana.org/pen/PenApplication.page
2) ISO — https://www.iso.org
For the command to succeed, the caller must be granted:
1) local administrator permissions — if an OID is registered locally.
2) Enterprise Admins permissions, or delegated Write permissions on the OID container in Active Directory, if the 'UseActiveDirectory' switch is enabled.
The OID container in Active Directory is located under: CN=Public Key Services, CN=Services, <Configuration Naming Context>.
Parameters
-FriendlyName <String>
Specifies a friendly name for the OID to be registered. The name should be up to a few words long. For example, when you register a custom certificate policy, the friendly name can be 'Company's smart card policy'.
Required? | True |
Position? | 0 |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
-Value <String>
Specifies a value of the OID to be registered. The value must be a dot-numerical string, for example: 1.2.3.45.678.9.
Required? | True |
Position? | 1 |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
-OidGroup <String>
Specifies the OID group in which the specified OID is registered. Possible values are: 'ApplicationPolicy' or 'IssuancePolicy'. It is possible to register a particular OID in each OID group.
Required? | True |
Position? | 2 |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
-CPSLocation <Uri>
Specifies the location of a document called the Certificate Practice Statement (CPS), which describes the certificate usage policies and rules. This parameter is mandatory if 'OidGroup' is set to 'IssuancePolicy' and the 'UseActiveDirectory' switch is enabled. In all other cases, this parameter is ignored.
Required? | False |
Position? | 3 |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
-LocaleId <CultureInfo>
Specifies the locale ID with which the specified OID friendly name is associated. This parameter is used only for culture-variant friendly names and has an effect only if the 'UseActiveDirectory' switch is enabled.
Required? | False |
Position? | 4 |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
-UseActiveDirectory <SwitchParameter>
Indicates whether the specified OID information should be registered in Active Directory instead of the local OID database.
Required? | False |
Position? | named |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
-Force <SwitchParameter>
By default, the script explicitly asks you to confirm that you want to register an OID with the selected values. For silent (quiet) installations, specify this parameter to suppress any prompts during OID registration.
Required? | False |
Position? | named |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
-WhatIf <SwitchParameter>
Describes what would happen if you executed the command without actually executing the command.
Required? | False |
Position? | named |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
-Confirm <SwitchParameter>
Prompts you for confirmation before executing the command.
Required? | False |
Position? | named |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
Inputs
Outputs
SysadminsLV.PKI.Cryptography.Oid2
Notes
Examples
Example 1
PS C:\> Register-ObjectIdentifier -FriendlyName "Remote Desktop Authentication" -Value "1.3.6.1.4.1.311.54.1.2" -OidGroup ApplicationPolicy
Registers an OID value '1.3.6.1.4.1.311.54.1.2' and display name 'Remote Desktop Authentication' as application policy (enhanced key usage) in the local OID database.
Example 2
PS C:\> Register-ObjectIdentifier -FriendlyName "Remote Desktop Authentication" -Value "1.3.6.1.4.1.311.54.1.2" -OidGroup ApplicationPolicy -UseActiveDirectory
Registers an OID value '1.3.6.1.4.1.311.54.1.2' and display name 'Remote Desktop Authentication' as application policy (enhanced key usage) in Active Directory. After the next group policy propagation, the OID registration will be available to all members of the current Active Directory forest.
Example 3
PS C:\> Register-ObjectIdentifier -FriendlyName "Contoso Pharmaceuticals smart card policy" -Value "1.3.6.1.4.1.311.999.2" -OidGroup IssuancePolicy -CPSLocation "http://www.contoso.com/cps/documents/scpolicy.pdf" -UseActiveDirectory
Registers an OID value '1.3.6.1.4.1.99999.1.2' and display name 'Contoso Pharmaceuticals smart card policy' as issuance policy (certificate policy) in Active Directory. After the next group policy propagation, the OID registration will be available to all members of the current Active Directory forest.
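The rules stated in the Description and Parameters sections (dot-numerical value, OID inside the company's delegated arc, CPSLocation required for an issuance policy registered in Active Directory) can be checked before anything is written to the forest-wide OID container. The following is an added example, not part of the module or its documentation: Test-OidRegistrationRequest is a hypothetical helper and the arc 1.3.6.1.4.1.99999 is a constructed placeholder.

```powershell
# Added example: pre-flight check before Register-ObjectIdentifier.
# Test-OidRegistrationRequest is hypothetical; 1.3.6.1.4.1.99999 is a placeholder arc.
function Test-OidRegistrationRequest {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Value,
        [Parameter(Mandatory)][ValidateSet('ApplicationPolicy', 'IssuancePolicy')][string]$OidGroup,
        [Parameter(Mandatory)][string]$CompanyArc,
        [Uri]$CPSLocation,
        [switch]$UseActiveDirectory
    )
    $problems = @()
    # Dot-numerical string: first arc 0-2, at least two arcs, no leading zeros.
    $wellFormed = $Value -match '^[0-2](\.(0|[1-9][0-9]*))+$'
    if (-not $wellFormed) {
        $problems += "'$Value' is not a dot-numerical OID string."
    }
    # The OID must sit below the organisation's own delegated arc.
    if ($wellFormed -and -not $Value.StartsWith("$CompanyArc.", [StringComparison]::Ordinal)) {
        $problems += "'$Value' is outside the delegated arc $CompanyArc."
    }
    # CPSLocation is mandatory for IssuancePolicy registered in Active Directory.
    if ($OidGroup -eq 'IssuancePolicy' -and $UseActiveDirectory -and -not $CPSLocation) {
        $problems += 'CPSLocation is required for IssuancePolicy with -UseActiveDirectory.'
    }
    if ($CPSLocation -and -not $CPSLocation.IsAbsoluteUri) {
        $problems += "CPSLocation '$CPSLocation' is not an absolute URI."
    }
    return , $problems
}

# Constructed sample request, reused for both the check and the registration.
$request = @{
    Value              = '1.3.6.1.4.1.99999.1.2'
    OidGroup           = 'IssuancePolicy'
    CPSLocation        = 'http://www.contoso.com/cps/documents/scpolicy.pdf'
    UseActiveDirectory = $true
}
$problems = Test-OidRegistrationRequest @request -CompanyArc '1.3.6.1.4.1.99999'
if ($problems.Count -eq 0) {
    # Dry run: -WhatIf reports what would be registered without writing anything.
    Register-ObjectIdentifier -FriendlyName 'Contoso Pharmaceuticals smart card policy' @request -WhatIf
}
else {
    $problems | ForEach-Object { Write-Warning $_ }
}
```

After reviewing the -WhatIf output, run the same command without -WhatIf to perform the registration.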
Related links
Get-ObjectIdentifier
Get-ObjectIdentifierEx
Unregister-ObjectIdentifier
Minimum PowerShell version support
- Windows PowerShell 3.0
Operating System Support
- Windows 7
- Windows 8
- Windows 8.1
- Windows 10
- Windows 11
- Windows Server 2008 R2 all editions
- Windows Server 2012 all editions
- Windows Server 2012 R2 all editions
- Windows Server 2016 all editions
- Windows Server 2019 all editions
- Windows Server 2022 all editions