My advice. As mentioned, add the users into the local admin group , since as you already discovered, the "Allow administration by" setting only works when the Mac is in range of your domain controller(s), but don't use dscl append for this. its not intelligent and will happily add in multiple entries of the same account each time its run into the group, potentially leaving you with a mess to clean up later should you decide to remove someone from the admin group.
Apple's sanctioned way of doing this is with dseditgroup. It doesn't have the same problem mentioned above.
You can run the following as a login script on each Mac.
#!/bin/sh
loggedInUser=$( ls -l /dev/console | awk '{print $3}' )
/usr/sbin/dseditgroup -o edit -a $loggedInUser -t user admin
Note that you could also use $3 with a login script instead of capturing the logged in user as above. I personally prefer to get that information myself in my scripts since it makes them easier to run in various contexts, but I did want to mention that.
BTW, this topic has actually been covered here on JAMFNation in possibly a half dozen or more threads. Not sure if you searched and they just didn't come up, but they are definitely there.
