AD Object WriteDAC Access

Sigma Rules

Summary
This detection rule identifies WRITE_DAC access attempts against Active Directory (AD) objects in a Windows security context. It monitors Windows Security Event ID 4662, which the rule treats as the indicator that a security descriptor modification has occurred on AD domain objects. The rule matches events whose Access Mask includes WRITE_DAC (hexadecimal value 0x40000), the right required to change an object's permissions. The monitored objects are those whose object type is one of the specified values: the GUID 19195a5b-6da0-11d0-afd3-00c04fd930c9 for a domain object, and 'domainDNS' for DNS domain objects. The rule is tagged with the defense evasion tactic (attack.defense-evasion) and MITRE ATT&CK technique T1222.001, reflecting its role in tracking and mitigating potentially malicious activity in AD environments.
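The matching logic described above, written out as an added example (this is not the rule's own code and not code from the Sigma project): it evaluates constructed Event ID 4662 records against the three conditions the summary names, the event ID, the watched object types, and the WRITE_DAC bit in the access mask. It generalizes slightly from an exact match on the value 0x40000 by testing the WRITE_DAC bit, so a combined mask such as 0x40010 (WRITE_DAC together with another right) is still caught. The field names `EventID`, `ObjectType` and `AccessMask` are the Windows event fields the rule refers to; the sample events, including the placeholder object type GUID of all zeros, are constructed for this example.

```python
"""Added example: evaluate Windows Event ID 4662 records against the
WRITE_DAC-on-AD-object condition the rule describes.  Sample events
below are constructed, not real log data."""

WRITE_DAC = 0x40000  # WRITE_DAC bit of the access mask (value given on the page)

# ObjectType values the rule watches (both from the page); compared case-insensitively
WATCHED_OBJECT_TYPES = {
    "19195a5b-6da0-11d0-afd3-00c04fd930c9",  # domain object class GUID
    "domaindns",                             # 'domainDNS'
}


def parse_access_mask(value):
    """Parse an AccessMask field as Windows logs it ('0x40000' style) or as a
    plain decimal string.  Returns None when the value cannot be parsed, so a
    malformed field never produces a false match or an exception."""
    if value is None:
        return None
    text = str(value).strip()
    try:
        if text.lower().startswith("0x"):
            return int(text, 16)
        return int(text, 10)
    except ValueError:
        return None


def is_writedac_on_ad_object(event):
    """True when the event is a 4662 whose ObjectType is a watched AD object type
    and whose AccessMask has the WRITE_DAC bit set."""
    if str(event.get("EventID")) != "4662":
        return False
    object_type = str(event.get("ObjectType") or "").lower()
    if object_type not in WATCHED_OBJECT_TYPES:
        return False
    mask = parse_access_mask(event.get("AccessMask"))
    return mask is not None and (mask & WRITE_DAC) == WRITE_DAC


def find_matches(events):
    """Return the subset of events the rule would fire on, in input order."""
    return [e for e in events if is_writedac_on_ad_object(e)]


# Constructed sample events; 'id' is only a label for this example.
SAMPLE_EVENTS = [
    # exact WRITE_DAC on the domain object GUID -> match
    {"id": 1, "EventID": 4662, "ObjectType": "19195a5b-6da0-11d0-afd3-00c04fd930c9",
     "AccessMask": "0x40000"},
    # WRITE_DAC combined with another right on 'domainDNS' -> match (bit test)
    {"id": 2, "EventID": 4662, "ObjectType": "domainDNS", "AccessMask": "0x40010"},
    # a different right on a watched object -> no match
    {"id": 3, "EventID": 4662, "ObjectType": "domainDNS", "AccessMask": "0x100"},
    # WRITE_DAC on an unwatched object type (placeholder GUID) -> no match
    {"id": 4, "EventID": 4662, "ObjectType": "00000000-0000-0000-0000-000000000000",
     "AccessMask": "0x40000"},
    # right event ID and mask, but malformed AccessMask -> no match, no crash
    {"id": 5, "EventID": 4662, "ObjectType": "domainDNS", "AccessMask": "not-a-mask"},
    # a different event ID with otherwise matching fields -> no match
    {"id": 6, "EventID": 4663, "ObjectType": "domainDNS", "AccessMask": "0x40000"},
]

if __name__ == "__main__":
    for hit in find_matches(SAMPLE_EVENTS):
        print("WRITE_DAC on AD object:", hit)
```

Event ID 4662 is only written when Directory Service Access auditing is enabled and the object's SACL audits the relevant access, so the rule can fire only where that auditing is configured; the bit test rather than a string comparison on the mask is the one deliberate difference from a literal value match.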
Categories
  • Windows
  • On-Premise
  • Identity Management
Data Sources
  • Windows Registry
  • Active Directory
  • Application Log
Created: 2019-09-12