I'm sure similar situation have come up, but I haven't come across anything that quite fits this situation. It would be best if I just lay out what led up to this mess:

New employee was hired. His user was setup in AD, synced to O365, email setup, everything's fine.

Literally that night the domain controller crashed and had to be restored from backup.

Newly created user was lost in local AD.

Someone recreated his local AD user (presumably incorrectly, or at least without consideration of what would happen on O365 end).

New local AD user synced, creating a second O365 user that has all of his permissions, but incorrect UPN and no email or licensing.

Original orphaned O365 user does not have permissions, but has correct UPN and the user's email and license.

Both users show as synced with on-premises AD and cannot be modified or deleted in the admin center as a result. How do we merge the two O365 users into one that is actually linked to the existing local AD user?

If it would be easier to download his email (there likely isn't much, if any), complete wipe his O365 user(s), and resync him to a whole new user, that would also be acceptable, just not sure how to get that accomplished since the admin center won't let us change anything directly.