The System.DirectoryServices.ActiveDirectoryAuditRule is used to set an access control entry (ACE) on a system access control list (SACL). The System.DirectoryServices.ActiveDirectoryAccessRule contains the trustee, which is represented as an System.Security.AccessControl.AuthorizationRule.IdentityReference object. It also contains information about the access control type, access mask, and other properties such as inheritance flags. This rule is set on an System.DirectoryServices.ActiveDirectorySecurity object. After the System.DirectoryServices.ActiveDirectorySecurity is committed to the directory store, it will modify the security descriptor object according to the rules that are set on System.DirectoryServices.ActiveDirectoryAuditRule.