
Summary
This detection rule identifies queries to Active Directory for the policies linked to the domain root, performed with the `[Adsisearcher]` type accelerator in PowerShell. It monitors PowerShell Script Block Logging (EventCode 4104) for ScriptBlockText patterns that indicate adversaries or red teams performing Active Directory discovery. Knowing which policies apply at the domain root gives an attacker insight into the domain's configuration that can guide further exploitation or lateral movement. By matching these ScriptBlockText patterns, organizations can detect and respond to this reconnaissance early. Note that 4104 events only exist where Script Block Logging is enabled, and that administrators also use `[Adsisearcher]` in routine scripts, so hits should be reviewed against the user and host that produced them.
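The following is an added example of the detection logic run over a handful of constructed 4104 records; it is not part of the original rule. It assumes the ScriptBlockText patterns of interest are the `[adsisearcher]` accelerator together with the `gplink` attribute (the attribute in which AD stores a container's linked GPOs); the page itself does not list the exact patterns. It also shows one caveat a practitioner runs into: Script Block Logging splits long scripts into several 4104 events, so the chunks of a script block (`ScriptBlockId`, `MessageNumber`, `MessageTotal`) are reassembled before matching, which a naive per-event search would miss.

```python
"""Detect [Adsisearcher] queries for root-domain linked GPOs in 4104 events.

Added example, not part of the original detection content. Assumed patterns:
the `[adsisearcher]` type accelerator plus the `gplink` attribute. The event
records below are constructed, not real logs.
"""
import re
from collections import defaultdict

# Constructed PowerShell Script Block Logging (EventCode 4104) records.
SAMPLE_EVENTS = [
    # Chunked discovery script: the two indicators land in different chunks.
    {"EventCode": 4104, "ScriptBlockId": "a1", "MessageNumber": 1, "MessageTotal": 2,
     "Computer": "WS01", "UserID": "CORP\\jdoe",
     "ScriptBlockText": "$root = [adsisearcher]'(objectClass=domainDNS)'\n"},
    {"EventCode": 4104, "ScriptBlockId": "a1", "MessageNumber": 2, "MessageTotal": 2,
     "Computer": "WS01", "UserID": "CORP\\jdoe",
     "ScriptBlockText": "$root.FindOne().Properties['gplink']\n"},
    # Same accelerator used for a routine user lookup: not policy discovery.
    {"EventCode": 4104, "ScriptBlockId": "b2", "MessageNumber": 1, "MessageTotal": 1,
     "Computer": "WS02", "UserID": "CORP\\helpdesk",
     "ScriptBlockText": "([adsisearcher]'(samaccountname=jdoe)').FindOne()\n"},
    # Different event code: outside the rule's scope.
    {"EventCode": 4103, "ScriptBlockId": "c3", "MessageNumber": 1, "MessageTotal": 1,
     "Computer": "WS03", "UserID": "CORP\\admin",
     "ScriptBlockText": "[adsisearcher]'(gplink=*)'\n"},
]

# Assumed indicators; both must appear in the same script block.
INDICATORS = [
    re.compile(r"\[adsisearcher\]", re.IGNORECASE),
    re.compile(r"gplink", re.IGNORECASE),
]


def reassemble_script_blocks(events):
    """Join 4104 chunks per ScriptBlockId, ordered by MessageNumber.

    Large scripts are logged as several 4104 events; matching each chunk on
    its own can miss a pattern whose parts fall in different chunks.
    """
    chunks = defaultdict(list)
    meta = {}
    for ev in events:
        if ev.get("EventCode") != 4104:
            continue
        sbid = ev["ScriptBlockId"]
        chunks[sbid].append((ev["MessageNumber"], ev["ScriptBlockText"]))
        meta.setdefault(sbid, {"Computer": ev["Computer"], "UserID": ev["UserID"]})
    blocks = {}
    for sbid, parts in chunks.items():
        text = "".join(t for _, t in sorted(parts))
        blocks[sbid] = dict(meta[sbid], ScriptBlockText=text)
    return blocks


def detect_root_gpo_query(events):
    """Return the reassembled script blocks in which every indicator appears."""
    hits = []
    for sbid, block in reassemble_script_blocks(events).items():
        if all(p.search(block["ScriptBlockText"]) for p in INDICATORS):
            hits.append({"ScriptBlockId": sbid, **block})
    return hits


def detect_per_chunk(events):
    """Naive per-event matching, for comparison: misses the chunked block."""
    return [ev["ScriptBlockId"] for ev in events
            if ev.get("EventCode") == 4104
            and all(p.search(ev["ScriptBlockText"]) for p in INDICATORS)]


if __name__ == "__main__":
    for hit in detect_root_gpo_query(SAMPLE_EVENTS):
        print(f"{hit['Computer']} {hit['UserID']} block {hit['ScriptBlockId']}:")
        print("  " + hit["ScriptBlockText"].replace("\n", "\n  ").rstrip())
    print("per-chunk matches:", detect_per_chunk(SAMPLE_EVENTS))
```

Run as written, only block `a1` on WS01 is reported, the helpdesk lookup in `b2` is not (no `gplink`), and the per-chunk comparison returns nothing, which is why the reassembly step matters when the indicators are spread across a long script.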
Categories
- Windows
- Endpoint
Data Sources
- Persona
- Process
- Application Log
ATT&CK Techniques
- T1087.002
- T1087
Created: 2024-11-13