The domain hierarchy in the Windows Active Directory system. A tree is a group of domains that have the same DNS name; for example, abc.com (the top domain), sales.abc.com and support.abc.com (the child domains). A forest is a collection of trees, which can be treated as one administrative unit by the user designated as Enterprise Administrator (EA), and Active Directory automatically manages trusts between domains. For security purposes, organizations have set up multiple forests, but trusts between forests must be managed manually by the administrator. See Cross-Forest Trust, transitive trust and Active Directory.