You may actually be able to take advantage of some Jamf Connect extension attributes for this goal even if your environment isn't deploying Jamf Connect.  The one below will show you all the local accounts that are not using Jamf Connect.  Combine that with some regex filtering and you should be able to track down any machine with more than one local user account.
https://github.com/jamf/jamfconnect/blob/main/additional_extension_attributes/Look%20for%20Unmigrated%20Users.sh 

Actually, we are using JAMF Connect! It's not on all of our computers yet tho.
Nice I'll take a look

You could also use an extension attribute for this, I believe. 

@Frank_Sonder , take a look at this thread: https://www.jamf.com/jamf-nation/discussions/18106/creating-smart-group-for-number-of-local-user-accounts.

You can use this for an Extension Attribute.

This works great, thank you! Only tidbit to mention is when using this as an Extension Attribute, I initially had the output set to String. Found it best to have the output set to integer due to the wc -l command that way you can set the EA criteria to "greater than". 

We use this script in our jamf connect environment, the intent is to use it to remove the jamf connect sign in post sign in so other users can't sign in against jamf connect on the same device, so the sign in is individualised, however the dscl value OIDCProvider is not added if the account was pre existing to having jamf connect connected.

Say if the device was installed with jamf connect with the existing user being the same credentials to the jamf connect account signed in. or if in abyss environment the first setup user is a mirror of credentials of the jamf connect account that would be created on sign in. Do you know if there is another location source of information for ?