Hi,
it's going to be tricky. A proper way to implement this would be to use some identity management solution (e.g. SAP IDM). All changes to users would be made in IDM and then they would be propagated to backend systems. In your case same changes would be replicated to golden and backup system. This will require some time and money.
Other option on a shoestring could be to implement this by yourself. In the new release there is a user exit that is called after user is changed. So you you raise an event that would cause a user replication to backup system. Re-using IDocs used by CUA would be probably the simplest option. The only part that could be tricky is to replicate password changes. I don't think that there is a user exit for password change. Also capturing password in plaintext might not be possible.Warning that these custom solution may end costing more than proper solution.
BTW our of curiosity, how is this switch from golden to backup system going to happen? I understand that you want to have same users in both systems but what about other master and transactional data?
Cheers