Hi TheRealTy,
I can fully understand that you want to migrate all mailboxes to Exchange Online via cutover migration, and then deploy directory synchronization to sync AD passwords. For a cutover migration, we need to change the MX record to point to Office 365 before deleting the batch.
After the cutover migration is completed, you can convert on-premises mailboxes to mail-enabled users (MEU), and then deploy DirSync. Each on-premise MEU can be matched to its corresponding cloud mailbox. And you do not need to decommission the on-premise Exchange server.
Here is a related article: community.office365.com/.../835.aspx
Note: if you do not want single sign-on, please ignore step 3.
If there is anything unclear, please feel free to let us know.
Thanks,
Young Yang