This reference architecture shows how to create a separate Active Directory domain in Azure that is trusted by domains in your on-premises AD forest. Active Directory Domain Services (AD DS) stores identity information in a hierarchical structure. The top node in the hierarchical structure is known as a forest. A forest contains domains, and domains contain other types of objects. This reference architecture creates an AD DS forest in Azure with a one-way outgoing trust relationship with an on-premises domain. The forest in Azure contains a domain that does not exist on-premises. Because of the trust relationship, logons made against on-premises domains can be trusted for access to resources in the separate Azure domain.
https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/identity/adds-forest
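
One way to check that a deployed trust matches the one-way outgoing design described above is to audit the trust objects as seen from the Azure domain. This is an added example, not code from the reference architecture. The function name `Test-TrustDirection` and the domain names are hypothetical, and the sample trust objects are constructed.

```powershell
# Added example: classify each trust seen from the Azure-hosted domain against
# the intended design (one-way outgoing trust to the on-premises domain).
# Test-TrustDirection and all domain names are hypothetical placeholders.
function Test-TrustDirection {
    param(
        # Objects with Target and Direction properties: Get-ADTrust output,
        # or constructed objects such as the sample below.
        [Parameter(Mandatory)] [object[]] $Trusts,
        # The on-premises domain the Azure domain is supposed to trust.
        [Parameter(Mandatory)] [string] $ExpectedTarget
    )
    foreach ($t in $Trusts) {
        # Direction is an enum on real trust objects; compare as text.
        $dir = [string]$t.Direction
        $finding =
            if ($t.Target -ne $ExpectedTarget) {
                'UNEXPECTED: trust to a domain outside the design'
            } elseif ($dir -eq 'Outbound') {
                'OK: one-way outgoing; on-premises logons are trusted here'
            } elseif ($dir -eq 'BiDirectional') {
                'REVIEW: two-way; this domain is also trusted on-premises'
            } elseif ($dir -eq 'Inbound') {
                'REVIEW: reversed; on-premises logons are not trusted here'
            } else {
                'REVIEW: trust is disabled'
            }
        [pscustomobject]@{
            Target    = $t.Target
            Direction = $dir
            Finding   = $finding
        }
    }
}

# Constructed sample input so the function can be exercised offline.
$sample = @(
    [pscustomobject]@{ Target = 'onprem.example.com';  Direction = 'Outbound' }
    [pscustomobject]@{ Target = 'onprem.example.com';  Direction = 'BiDirectional' }
    [pscustomobject]@{ Target = 'partner.example.net'; Direction = 'Outbound' }
)
Test-TrustDirection -Trusts $sample -ExpectedTarget 'onprem.example.com' |
    Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module), run in the Azure domain:
# Test-TrustDirection -Trusts (Get-ADTrust -Filter *) -ExpectedTarget 'onprem.example.com'
```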