GettingItDone

Reputation: 603

Is it possible to have multiple Azure tenants that reference the same on-premises Active Directory?

Imagine a large company that has a number of subsidiaries. A shared IT company manages the Active Directory (and almost all other IT services) centrally for all subsidiaries. There also currently exists an Azure tenant which is connected to the On Premises Active Directory; however, due to issues surrounding who controls/owns which resources, employees cannot use this Azure tenant.

One of the subsidiaries decides it wants to create its own Azure tenant so it can progress its development work. However, that company is told that "Only a single federation to an Azure tenant is currently supported per Active Directory Domain".

I found this document. Would it be reasonable to presume that if the company consisted of the Contoso implementation it would still be possible to federate 2 Azure tenants to that single On Premises Active Directory? Are there any reasons why one implementation of On Premises Active Directory would be capable of this functionality and another not?

Upvotes: 1

Views: 2810

Answers (1)

Marilee Turscak - MSFT

Reputation: 7728

Yes, you can do this, but you can only have one AD Connect instance per tenant, as there is a 1:1 relationship between an Azure AD Connect Sync server and an Azure AD tenant. So you need to register three separate UPN suffixes for each tenant with the on-premises Active Directory and use three separate sync servers (one for each tenant). You need to apply filtering while syncing AD users for each tenant.


https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-single-adfs-multitenant-federation

Upvotes: 2
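An added example, not from the answer or from Microsoft's documentation, that checks the filtering the answer calls for before the extra sync servers are built: assuming each sync server scopes users by UPN suffix and each suffix belongs to exactly one tenant, the script maps constructed sample users to tenants and flags any user that no tenant would sync or that more than one would (the second case is the one that leaves an identity claimed by two sync servers). The function names Get-TenantsForUpn and Test-TenantSyncScope are hypothetical.

```powershell
# Constructed sample data (assumption: each sync server's filter scopes users by UPN suffix,
# and every suffix below is registered on the forest with Set-ADForest -UPNSuffixes @{Add=...}).
$TenantSuffixes = @{
    'contoso.onmicrosoft.com'     = @('contoso.com')        # existing shared tenant
    'subsidiarya.onmicrosoft.com' = @('subsidiary-a.com')   # new subsidiary tenant
}
$SampleUsers = @(
    [pscustomobject]@{ SamAccountName = 'alice'; UserPrincipalName = 'alice@contoso.com' }
    [pscustomobject]@{ SamAccountName = 'bob';   UserPrincipalName = 'bob@subsidiary-a.com' }
    [pscustomobject]@{ SamAccountName = 'carol'; UserPrincipalName = 'carol@corp.local' }  # suffix no tenant owns
)

# Hypothetical helper: which tenants' filters would pick up this UPN?
function Get-TenantsForUpn {
    param([string]$Upn, [hashtable]$Map)
    $suffix = ($Upn -split '@')[-1]
    foreach ($tenant in $Map.Keys) {
        if ($Map[$tenant] -contains $suffix) { $tenant }
    }
}

# Hypothetical helper: report every user with the number of tenants that would sync it.
# Exactly one is the healthy state; zero means the user never reaches the cloud,
# more than one means two sync servers would both claim the same identity.
function Test-TenantSyncScope {
    param([object[]]$Users, [hashtable]$Map)
    foreach ($u in $Users) {
        $hits = @(Get-TenantsForUpn -Upn $u.UserPrincipalName -Map $Map)
        $status = switch ($hits.Count) {
            0       { 'NO_TENANT' }
            1       { 'OK' }
            default { 'MULTIPLE_TENANTS' }
        }
        [pscustomobject]@{
            User    = $u.SamAccountName
            Upn     = $u.UserPrincipalName
            Tenants = ($hits -join ',')
            Status  = $status
        }
    }
}

# In a real forest, replace $SampleUsers with:
#   Get-ADUser -Filter * -Properties UserPrincipalName
# and cross-check $TenantSuffixes against (Get-ADForest).UPNSuffixes.
Test-TenantSyncScope -Users $SampleUsers -Map $TenantSuffixes | Format-Table -AutoSize
```

With the sample data, alice and bob report OK while carol reports NO_TENANT, which is the row to fix (register the suffix or change the UPN) before the subsidiary's sync server goes live.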
