Hi @Hunter,
Thanks for your post!
Are you attempting to match or merge the individual user account in on-premises and Azure AD based on the UPN? If this is the case, you can use soft matching to match user accounts when their UPN or SMTP match across objects in the cloud and on-premises, or hard matching based on the sourceAnchor/ImmutableID.
To learn more about Hard-match vs Soft-match, please refer to the UPN matching guide and the guide, When You Already Have an Azure AD.
As you correctly pointed out, the synchronization only flows from on-premises to Azure and user writeback is not supported, so matching the attributes or deleting and starting over are the two ways to go.
I hope this helps!
If this information helped you, please remember to Accept the answer so that others in the community searching for similar answers can more easily find a solution.
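The matching behaviour described in the answer above, modelled as an added example (not part of the original answer and not Microsoft's code) that predicts, before a sync, how each on-premises user would join to an existing cloud user. It assumes objectGUID is the sourceAnchor, so the ImmutableID is the Base64 of the GUID bytes; the users, dictionary field names, and outcome labels are constructed for illustration.

```python
import base64
import uuid

def immutable_id(object_guid):
    # .NET Guid.ToByteArray() byte order is what Python's uuid calls bytes_le.
    return base64.b64encode(uuid.UUID(object_guid).bytes_le).decode("ascii")

def primary_smtp(user):
    # The primary address is the proxyAddresses entry with the upper-case "SMTP:" prefix.
    for addr in user.get("proxyAddresses", []):
        if addr.startswith("SMTP:"):
            return addr[5:].lower()
    return None

def classify(onprem, cloud_users):
    """Predict how one on-premises user would join to the cloud directory."""
    anchor = immutable_id(onprem["objectGUID"])
    for c in cloud_users:
        if c.get("immutableId") == anchor:
            return "hard-match", c["upn"]
    smtp = primary_smtp(onprem)
    for c in cloud_users:
        same_upn = c["upn"].lower() == onprem["upn"].lower()
        same_smtp = smtp is not None and primary_smtp(c) == smtp
        if same_upn or same_smtp:
            # A cloud object that already carries an anchor cannot be soft-matched.
            return ("conflict" if c.get("immutableId") else "soft-match"), c["upn"]
    return "new-object", None

# Constructed sample data (hypothetical users, not from the thread).
ONPREM = [
    {"upn": "alice@example.com", "objectGUID": "00112233-4455-6677-8899-aabbccddeeff"},
    {"upn": "bob@corp.example.com", "objectGUID": "11111111-2222-3333-4444-555555555555",
     "proxyAddresses": ["SMTP:bob@example.com", "smtp:robert@example.com"]},
    {"upn": "carol@example.com", "objectGUID": "22222222-3333-4444-5555-666666666666"},
    {"upn": "dave@example.com", "objectGUID": "33333333-4444-5555-6666-777777777777"},
]
CLOUD = [
    {"upn": "alice@example.com", "immutableId": "MyIRAFVEd2aImaq7zN3u/w=="},
    {"upn": "bob@example.com", "proxyAddresses": ["SMTP:bob@example.com"]},
    {"upn": "Carol@example.com", "immutableId": "Y29uc3RydWN0ZWQtYW5jaG9y"},
]

def audit(onprem_users=ONPREM, cloud_users=CLOUD):
    return {u["upn"]: classify(u, cloud_users) for u in onprem_users}

if __name__ == "__main__":
    for upn, result in audit().items():
        print(upn, *result)
```

Any `soft-match` or `conflict` row is worth reviewing by hand before the first sync, because a soft match joins the on-premises account to whichever cloud account happens to share its UPN or primary SMTP address.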