Hello,
You can refer to the supported topology for AAD connect sync: https://video2.skills-academy.com/en-us/entra/identity/hybrid/connect/plan-connect-topologies#multiple-microsoft-entra-tenants
It is always recommended that for each Azure tenant you deploy a sync agent for the synchronization, or MS will not support it. If you have separate on-premises forests, you could treat them as separate environments for synchronization scenarios.
For on-premises forests, you could set up a forest trust and enable the required ports: https://video2.skills-academy.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts, which will allow the common AD management tasks to run properly.
Best Regards,
Ian Xue