active-directory, azure-active-directory, upn

AAD Claims UPN vs On-Premise AD UPN


I thought UserPrincipalName (UPN) is single-valued per user in the directory, but when I run an LDAP query for a specific user, I get the UPN: AO0S0020@mydomain.local

And when running an OAuth (OpenID Connect) authorization against Azure AD (which is synced using AD Connect), I see that the claims UPN for the same user is: nati@mydomain.com

What am I missing here?


Solution

  • You are missing the concept of Alternate Login ID.

    It seems your Azure AD Connect is configured with Alternate Login ID. Thus the difference.
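
To confirm which on-premises attribute is feeding the Azure AD UPN, compare the token's `upn` claim with the user's LDAP attributes. The sketch below is an added example, not part of the original answer. The two UPNs come from the question, while the `mail` and `proxyAddresses` values and the function names are assumptions made for illustration.

```python
# Added example: find which on-premises attribute equals the upn claim in an Azure AD token.
CANDIDATE_ATTRS = ("userPrincipalName", "mail", "proxyAddresses")

def _values(entry, attr):
    """Return an attribute's values as lowercase strings (LDAP libraries often return lists of bytes)."""
    raw = entry.get(attr, [])
    if isinstance(raw, (str, bytes)):
        raw = [raw]
    out = []
    for v in raw:
        if isinstance(v, bytes):
            v = v.decode("utf-8", errors="replace")
        v = v.strip().lower()
        if attr == "proxyAddresses":
            # proxyAddresses values carry a type prefix ("SMTP:", "smtp:", "X500:", ...)
            if not v.startswith("smtp:"):
                continue
            v = v[len("smtp:"):]
        if v:
            out.append(v)
    return out

def upn_source(entry, claim_upn):
    """Return the on-prem attributes whose value equals the token's upn claim (case-insensitive)."""
    wanted = claim_upn.strip().lower()
    return [a for a in CANDIDATE_ATTRS if wanted in _values(entry, a)]

def diagnose(entry, claim_upn):
    """Summarise whether the token upn is the on-prem UPN or comes from another attribute."""
    matches = upn_source(entry, claim_upn)
    if "userPrincipalName" in matches:
        return "on-prem UPN is synced as the Azure AD UPN"
    if matches:
        return "alternate login ID likely in use: token upn matches " + ", ".join(matches)
    return "no candidate attribute matches the token upn"

# Constructed LDAP entry: userPrincipalName is from the question; mail and
# proxyAddresses are assumed values, not taken from the page.
SAMPLE_ENTRY = {
    "userPrincipalName": [b"AO0S0020@mydomain.local"],
    "mail": [b"nati@mydomain.com"],
    "proxyAddresses": [b"SMTP:nati@mydomain.com", b"X500:/o=constructed/cn=nati"],
}
```

An application that maps Azure AD tokens back to on-premises accounts should do this lookup explicitly instead of assuming the `upn` claim equals the on-premises `userPrincipalName`.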