Hi,
Yes, this is a supported scenario and topology. There are some limitations, and you have to take care of the attributes and domain names, as they cannot be the same: Dev has to be Dev.onmicrosoft.com and Prod has to be Prod.onmicrosoft.com, and vice versa for custom domain names.
This topology implements the following use cases:
- AADConnect can synchronize the users, groups, and contacts from a single Active Directory to multiple Azure AD tenants. These tenants can be in different Azure environments, such as the Azure China environment or the Azure Government environment, but they could also be in the same Azure environment, such as two tenants that are both in Azure Commercial. For more details on options, see [Planning identity for Azure Government applications](/azure/azure-government/documentation-government-plan-identity).
- The same Source Anchor can be used for a single object in separate tenants (but not for multiple objects in the same tenant). (The verified domain can't be the same in two tenants. More details are needed to enable the same object to have two UPNs.)
- You will need to deploy an AADConnect server for every Azure AD tenant you want to synchronize to - one AADConnect server cannot synchronize to more than one Azure AD tenant.
- It is supported to have different sync scopes and different sync rules for different tenants.
- Only one Azure AD tenant sync can be configured to write back to Active Directory for the same object. This includes device and group writeback as well as Hybrid Exchange configurations – these features can only be configured in one tenant. The only exception here is Password Writeback – see below.
- It is supported to configure Password Hash Sync from Active Directory to multiple Azure AD tenants for the same user object. If Password Hash Sync is enabled for a tenant, then Password Writeback may be enabled as well, and this can be done on multiple tenants: if the password is changed on one tenant, then password writeback will update it in Active Directory, and Password Hash Sync will update the password in the other tenants.
- It is not supported to add and verify the same custom domain name in more than one Azure AD tenant, even if these tenants are in different Azure environments.
- It is not supported to configure hybrid experiences that utilize forest level configuration in AD, such as Seamless SSO and Hybrid Azure AD Join (non-targeted approach), with more than one tenant. Doing so would overwrite the configuration of the other tenant, making it no longer usable. You can find additional information in Plan your hybrid Azure Active Directory join deployment.
- You can synchronize device objects to more than one tenant but a device can be Hybrid Azure AD Joined to only one tenant.
- Each Azure AD Connect instance should be running on a domain-joined machine.
Check this for reference - https://learn.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies
Hope this helps.
JS
==
Please Accept the answer if the information helped you. This will help us and others in the community as well.
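An added example (not part of the original answer or of Azure AD Connect itself) that checks a planned Dev/Prod topology against the constraints listed above before anything is deployed; the `TenantPlan` fields, server names and domain names are assumptions constructed for illustration:

```python
from dataclasses import dataclass, field

@dataclass
class TenantPlan:
    name: str                 # tenant, e.g. "dev.onmicrosoft.com"
    connect_server: str       # dedicated AADConnect server (one per tenant)
    verified_domains: set     # custom domains verified in this tenant
    password_hash_sync: bool = False
    password_writeback: bool = False
    other_writeback: set = field(default_factory=set)  # "device", "group", "hybrid-exchange"
    forest_level: set = field(default_factory=set)     # "seamless-sso", "hybrid-join"

def validate_topology(plans):
    """Return human-readable violations of the constraints in the answer; [] means OK."""
    problems = []
    servers, domains = {}, {}
    for p in plans:
        # One AADConnect server cannot synchronize to more than one tenant.
        if servers.setdefault(p.connect_server, p.name) != p.name:
            problems.append(f"server {p.connect_server} used by {servers[p.connect_server]} and {p.name}")
        # A custom domain may be added and verified in only one tenant.
        for d in p.verified_domains:
            if domains.setdefault(d, p.name) != p.name:
                problems.append(f"domain {d} verified in {domains[d]} and {p.name}")
        # Password writeback may be enabled on several tenants, but only together with PHS.
        if p.password_writeback and not p.password_hash_sync:
            problems.append(f"{p.name}: password writeback without password hash sync")
    # Device/group/Hybrid Exchange writeback and forest-level hybrid features: one tenant only.
    for feature in ("device", "group", "hybrid-exchange", "seamless-sso", "hybrid-join"):
        owners = [p.name for p in plans if feature in p.other_writeback | p.forest_level]
        if len(owners) > 1:
            problems.append(f"{feature} configured in {', '.join(owners)}")
    return problems

# Constructed sample plan: a Dev tenant and a Prod tenant fed from the same AD forest.
SAMPLE_PLANS = [
    TenantPlan("dev.onmicrosoft.com", "aadc-dev01", {"dev.contoso.example"},
               password_hash_sync=True, password_writeback=True,
               other_writeback={"device"}, forest_level={"seamless-sso"}),
    TenantPlan("prod.onmicrosoft.com", "aadc-prod01", {"contoso.example", "dev.contoso.example"},
               password_hash_sync=False, password_writeback=True,
               other_writeback={"device", "group"}, forest_level={"seamless-sso"}),
]

if __name__ == "__main__":
    for line in validate_topology(SAMPLE_PLANS):
        print("VIOLATION:", line)
```

The sample plan deliberately breaks four of the rules (shared custom domain, password writeback without PHS, device writeback and Seamless SSO in both tenants) so that each check is exercised.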