Lots of questions here and many variables.
first...is the machine accepting and running its policies? If it is then that lets us know that the machine is checking in and reporting back normally. You brought up that the machine only has a single local account. Is it bound to AD? If it is, you should be able to use a domain admin account, login and take control provided that mechanism is working.
If it is phoning home and running policies successfully, you should be able to write a policy using the local accounts payload to create a new local account, give it admin rights and login with that once you see the policy was successfully completed (you'd want to use startup, shutdown or recurring check triggers.)
If FileVault is involved, then we get a little messier, but if it is, I'm hoping you used an institutional recovery key or escrowed the user recovery key using Jamf Pro.
If FileVault is not involved and the machine is accepting packages for installation, another trick you could do is to use Greg Neagle's pycreateuserpkg and write an installer package that would add a user account (https://github.com/gregneagle/pycreateuserpkg)
Hopefully this gives you some food for thought. You may not be able to do any of that if the machine is not connecting properly to a network, has boot issues, or whatnot. Hopefully if nothing else, you have someone on the ground there to verify that it's turned on and if it's capable of being "jacked in" that it is connected.
