diff --git a/ad-auth/defaults/main.yml b/ad-auth/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..088dcded5e128e57a349e024e9cd2888244487d1
--- /dev/null
+++ b/ad-auth/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+ad_admin_group: admin
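Review bot: The new default `ad_admin_group` carries no comment, although the template added in this commit gives whichever group it names unrestricted root (`ALL=(ALL:ALL) ALL`). A comment above it would make that visible to anyone overriding it in inventory, for example `# Group whose members get full sudo via /etc/sudoers.d/admin; override per environment`. Because the fallback `admin` is a generic name, it is also worth confirming that it resolves to the intended directory group on every host and not to a local group of the same name.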
diff --git a/ad-auth/files/sudo/admin b/ad-auth/files/sudo/admin
deleted file mode 100644
index 56838a907ae44c9e0a36c8efdda54d8ed7e48a60..0000000000000000000000000000000000000000
--- a/ad-auth/files/sudo/admin
+++ /dev/null
@@ -1 +0,0 @@
-%admin ALL=(ALL:ALL) ALL
diff --git a/ad-auth/tasks/sudo.yml b/ad-auth/tasks/sudo.yml
index 1698aae656256d3b66cf3a7f4f4a1dd166905558..ad49eb860236457435edc5545e52ab81a47e3e43 100644
--- a/ad-auth/tasks/sudo.yml
+++ b/ad-auth/tasks/sudo.yml
@@ -2,7 +2,7 @@
 # file: roles/ad-auth/tasks/sudo.yml
 
 - name: ensure users of group admin are in the sudoers
-  copy: src=sudo/admin dest=/etc/sudoers.d/admin owner=root group=root mode=0440
+  template: src=sudo.j2 dest=/etc/sudoers.d/admin owner=root group=root mode=0440
   notify:
     - check sudo config
   tags:
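Review bot: The sudoers drop-in is now rendered from a variable but is still installed without a pre-install syntax check, so a bad value of `ad_admin_group` lands in `/etc/sudoers.d/admin` before the `check sudo config` handler runs. What that handler does is not visible here, but a handler only runs after the file is in place, when an invalid drop-in may already have broken sudo on the host. Adding `validate='visudo -cf %s'` to the `template:` line makes Ansible reject the rendered file before it replaces the live one. The task name still says "group admin" and could refer to the variable instead; the task continues past the end of this hunk.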
diff --git a/ad-auth/templates/sudo.j2 b/ad-auth/templates/sudo.j2
new file mode 100644
index 0000000000000000000000000000000000000000..cc00bead48c1c1d4e6e20b4a0ec1e059b9e3cd5a
--- /dev/null
+++ b/ad-auth/templates/sudo.j2
@@ -0,0 +1 @@
+%{{ ad_admin_group }} ALL=(ALL:ALL) ALL
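Review bot: The group name is interpolated verbatim after `%`, and directory group names often contain spaces, which sudoers requires to be backslash-escaped; an empty or undefined-to-empty value would also render `% ALL=(ALL:ALL) ALL`. Either would produce an invalid or unintended rule granting full root. Consider escaping at render time, e.g. `%{{ ad_admin_group | replace(' ', '\\ ') }} ALL=(ALL:ALL) ALL` (worth confirming against `visudo -c` on a target host), and failing the play when the variable is empty. A leading `# Managed by Ansible (role ad-auth)` comment line would also tell anyone on the host not to hand-edit this privileged file.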