Note: All information below is specifically regarding Office 365. This may
change in the future.
Todo: This page needs cleanup
In most cases it should soft-match based on the primary SMTP address. (see
How to use SMTP matching to match on-premises user accounts to Office 365 user accounts for directory synchronization) If it doesn't, see this page for some ideas:
How to Map OnPrem Active Directory users to existing Office365 Users « Software Development and Infrastructure in the Cloud
Notes on ProxyAddress:
When Password Sync is enabled, the cloud password for a synchronized user is set to “never expires”. This means that the password synchronized to the cloud is still valid after the on-premises password expires Separate from Password Expiration is the “Account Expires” attribute on an on-premises Active Directory account. The “accountExpires” attribute is not synchronized by DirSync, so Office 365 has no awareness of this expiration value