diff --git a/group_vars/all.yml b/group_vars/all.yml index fd77a4b..530c4b1 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -1,3 +1,5 @@ +# do NOT create every user on every maschine +user_mgmt_default_state: absent user_mgmt_default: crest: ssh_key: diff --git a/host_vars/cloud.emma.ccchb.de.yml b/host_vars/cloud.emma.ccchb.de.yml index 87608c5..fcef44b 100644 --- a/host_vars/cloud.emma.ccchb.de.yml +++ b/host_vars/cloud.emma.ccchb.de.yml @@ -14,8 +14,8 @@ php_fpm_env: user_mgmt: crest: - created: true + state: present groups: sudo genofire: - created: true + state: present groups: sudo diff --git a/host_vars/dn42.emma.ccchb.de.yml b/host_vars/dn42.emma.ccchb.de.yml index 062fdfb..d4cb802 100644 --- a/host_vars/dn42.emma.ccchb.de.yml +++ b/host_vars/dn42.emma.ccchb.de.yml @@ -8,11 +8,11 @@ dns: 213.133.98.98 8.8.8.8 user_mgmt: crest: - created: true + state: present groups: sudo genofire: - created: true + state: present groups: sudo fritz: - created: true + state: present groups: sudo diff --git a/roles/user_mgmt/defaults/main.yml b/roles/user_mgmt/defaults/main.yml index 17874ee..d0698df 100644 --- a/roles/user_mgmt/defaults/main.yml +++ b/roles/user_mgmt/defaults/main.yml @@ -1,2 +1,6 @@ +--- +user_mgmt_default_state: "present" +user_mgmt_default_groups: [] + user_mgmt_default: {} user_mgmt: {} diff --git a/roles/user_mgmt/tasks/main.yml b/roles/user_mgmt/tasks/main.yml index 00cdb15..8ec0fe6 100644 --- a/roles/user_mgmt/tasks/main.yml +++ b/roles/user_mgmt/tasks/main.yml @@ -5,9 +5,9 @@ - name: Add User user: name: "{{ item.key }}" - groups: "{{ item.value.groups | default([]) }}" + groups: "{{ item.value.groups | default(user_mgmt_default_groups) }}" state: present - when: item.value.created | default + when: (item.value.state | default(user_mgmt_default_state)) == "present" with_dict: "{{ _user_mgmt }}" - name: Add ssh-key to user 
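Review bot: The new comment in group_vars/all.yml says users are only "not created", but the "Remove user" task in roles/user_mgmt/tasks/main.yml runs `user: state: absent` for every entry whose state resolves to "absent". With this default, each listed account is therefore deleted on any host that does not set `state: present` for it. The comment should say that, e.g. `# users are removed on every machine unless host_vars set state: present`. Quoting the value as `"absent"` would also match the quoted `"present"` in the role defaults.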
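Review bot: The two variables added in roles/user_mgmt/defaults/main.yml carry no comment, and the role-level `"present"` is the permissive value while the inventory overrides it to `absent`. A play that uses this role without that group_vars override would create every listed user, since "Add User" runs whenever the resolved state is "present". A comment above the variable should state the allowed values and their effect, e.g. `# "present" or "absent"; applies to every user entry that sets no state of its own`.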
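Review bot: In the first hunk of roles/user_mgmt/tasks/main.yml the new `when:` conditions read only `state`, so an entry that still carries the old `created: true` key falls through to `user_mgmt_default_state`. With the inventory default of `absent`, such an entry now matches "Remove user" and the account is deleted instead of kept. Only two host_vars files are migrated in this commit; whether others exist is not visible here. A misspelled state value is also skipped silently by both tasks. An `assert` placed after `_user_mgmt` is built (that task lies outside the hunk) and ahead of "Add User" would turn both cases into a hard failure.

```yaml
# … unchanged: task(s) that build _user_mgmt …
- name: Validate user_mgmt entries
  assert:
    that:
      - item.value.created is not defined
      - (item.value.state | default(user_mgmt_default_state)) in ["present", "absent"]
    fail_msg: "{{ item.key }}: set state to present or absent (created is no longer read)"
  with_dict: "{{ _user_mgmt }}"

- name: Add User
# … unchanged: user module arguments and when condition …
```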
@@ -15,7 +15,7 @@ user: "{{ item.0.key }}" key: "{{ item.1 }}" state: present - when: _user_mgmt[item.0.key].created | default + when: (_user_mgmt[item.0.key].created | default(user_mgmt_default_state)) == "present" loop: "{{ _user_mgmt |dict2items | subelements('value.ssh_key.present') }}" - name: Remove ssh-key to user @@ -23,12 +23,12 @@ user: "{{ item.0.key }}" key: "{{ item.1 }}" state: absent - when: _user_mgmt[item.0.key].created | default + when: (_user_mgmt[item.0.key].created | default(user_mgmt_default_state)) == "present" loop: "{{ _user_mgmt |dict2items | subelements('value.ssh_key.absent') }}" - name: Remove user user: name: "{{ item.key }}" state: absent - when: not (item.value.created | default) + when: (item.value.state | default(user_mgmt_default_state)) == "absent" with_dict: "{{ _user_mgmt }}"
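Review bot: The "Add ssh-key to user" condition in the second hunk still reads `.created`, although this commit renames that key to `state` in host_vars. The "Remove ssh-key to user" condition in the third hunk has the same defect. For a user declared with `state: present` the lookup falls through to `user_mgmt_default_state`, which the inventory sets to `absent`, so both key tasks are skipped. Keys listed under `ssh_key.absent` then stay installed and key revocation silently stops working. Both lines should read `when: (_user_mgmt[item.0.key].state | default(user_mgmt_default_state)) == "present"`. The module line of each task lies outside the hunks.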