If AAD connect creates a second Office 365 account, you can fix this up with the following steps:
Move user outside sync scope in AD
On the machine that has AAD connect installed, run delta sync
Start-ADSyncSyncCycle -PolicyType Delta
Confirm that duplicate account is gone from the Office 365 admin centre
On a domain controller run the following to get the anchor GUID:
[system.convert]::ToBase64String(((get-aduser ).Objectguid).tobytearray())
On a machine that has the MSOnline powershell module installed, run the following:
If you have not got the MSOnline module installed, run:
Install-Module MSOnline
Import-Module MSOnline
If you are not already connected to MS Online:
Connect-MsolService
Look up the bad UPN by running:
Get-MsolUser -ReturnDeletedUsers
Remove the bad UPN by running:
Remove-MsolUser -UserPrincipalName -RemoveFromRecycleBin
Link the 2 object by running:
Set-MsolUser -UserPrincipalName -ImmutableId ""
Go back to a domain controller and move user back to the correct AD OU
On the machine that has AAD connect installed, run delta sync
Start-ADSyncSyncCycle -PolicyType Delta
Confirm that the account is synced in the Office 365 portal