Hello @Jeremy Cornwell ,
Thanks for reaching out.
Are you attempting to match/merge individual user accounts in On-premises and Azure AD based on UPN? If this is the case, you do not need to create any inbound transformation rules in the Azure AD connect sync tool; instead, you may utilize the soft match feature to match users accounts when their UPN or SMTP match across objects in the cloud and on-premises.
To learn more about Hard-match vs Soft-match, refer following links. Please help me in better understanding if I have missed something. Thanks
UPN matching , SMTP matching , Azure AD Connect: When you have an existing tenant and Azure AD Connect sync service features.
Hope this was helpful.
------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.