I think the way I'd approach this is:
import all users into FusionAuthAt cutover time:
look at local database to see which password hashes had changed pull the user data from FusionAuth for each of these users delete the user re-import the user with the new password hash and the FusionAuth data, maintaining the same userId (if you provide the UUID, we'll use that)I get that is an additional complexity, but hopefully that helps.