Puppet has a built in user type and we can add a user with it but it doesn't get one important item to make them an admin user - an authentication authority.
The real snecret is that this includes a ShadowHash that appears to be different for each user but the same for the same user on different machies if all other details are the same so just copy localadmin.plist from one machine to another.
We also have to add them as a group member to “admin.plist” in the dslocal groups.
userGUID="$(dscl /Local/Default -read /Users/ladmin GeneratedUID | awk '{ print $2 }')"
sudo dscl /Local/Default -merge "/Groups/admin" GroupMembers $userGUID
sudo dscl /Local/Default -merge "/Groups/admin" users localadmin
The account password shadow hash is stored in /private/var/db/shadow/hash/$userGUID and /private/var/db/shadow/hash/$userGUID.state
The details of the account are in /private/var/db/dslocal/nodes/Default/users/localadmin.plist
So given all this we can add the user 'localadministrator' by copying those three files and then running the script. If we set up all the other things we want for that user then also copying their home folder might be a good idea.