diff --git a/README.md b/README.md index e43c394187fb69b0c23f25c3467228734f2a5552..2faef0129536777701a52150b8b878b1b83d93c5 100644 --- a/README.md +++ b/README.md @@ -47,9 +47,10 @@ But, the module is more an idempotent installer of FreeIPA. So changing a value ## Usage -### Example usage: +### Examples of usage: + +Deploy an IPA master : -Creating an IPA master : ```puppet class {'freeipa': ipa_role => 'master', @@ -66,7 +67,8 @@ class {'freeipa': } ``` -Adding a replica: +Add a replica: + ```puppet class {'freeipa': ipa_role => 'replica', @@ -83,7 +85,8 @@ class {'freeipa': } ``` -Adding a client: +Add a client: + ```puppet class {'freeipa': ipa_role => 'client', @@ -94,6 +97,14 @@ ipa_master_fqdn => 'ipa-server-1.example.lan', } ``` +Create an admin account with task : + +`bolt task run freeipa::manage_admin operator_login='mylogin' operator_password='mysecret' ensure='present' login='jaimarre' firstname='Jean' lastname='Aimarre' password='newadminsecret' --nodes --modulepath ~/modules` + +Delete an admin account with task : + +`bolt task run freeipa::manage_admin operator_login='mylogin' operator_password='mysecret' ensure='present' login='jaimarre' --nodes --modulepath ~/modules` + ### REFERENCE A full description can be found in `REFERENCE.md`. diff --git a/REFERENCE.md b/REFERENCE.md index 7138668803811485b3ec3f45d9f6e0c2d958a7d9..ab1bb1f6bc9ce21763d65087df3458d16a1662fd 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -23,7 +23,7 @@ _Private Classes_ **Tasks** -* [`create_admin`](#create_admin): Create a new FreeIPA admin account +* [`manage_admin`](#manage_admin): Create a new FreeIPA admin account ## Classes @@ -353,7 +353,7 @@ include freeipa::install::autofs ## Tasks -### create_admin +### manage_admin Create a new FreeIPA admin account 
@@ -377,23 +377,29 @@ Password of operator running the task Data type: `String[1]` -Login name of created administrator account +Login name of managed administrator account + +##### `ensure` + +Data type: `Enum['present','absent']` + +Whether the login account should exist or not ##### `firstname` -Data type: `String[1]` +Data type: `Optional[String[1]]` -First name of created administrator account +First name of managed administrator account ##### `lastname` -Data type: `String[1]` +Data type: `Optional[String[1]]` -Last name of created administrator account +Last name of managed administrator account ##### `password` -Data type: `String[8]` +Data type: `Optional[String[8]]` -Password of created administrator account +Password of managed administrator account diff --git a/spec/acceptance/02_create_admin_spec.rb b/spec/acceptance/02_create_admin_spec.rb index 81609c654d9d72f382f3a6218001423b2fd386b2..5ae7b6075beae3e819ecf5ed457aba5b012ffba9 100644 --- a/spec/acceptance/02_create_admin_spec.rb +++ b/spec/acceptance/02_create_admin_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper_acceptance' require 'beaker-task_helper/inventory' require 'bolt_spec/run' -describe 'create_admin task' do +describe 'manage_admin task' do include Beaker::TaskHelper::Inventory include BoltSpec::Run 
@@ -14,14 +14,29 @@ describe 'create_admin task' do
 hosts_to_inventory
 end
 
- it 'creates admin account' do
- # rubocop:disable Style/BracesAroundHashParameters
- result = run_task(
- 'freeipa::create_admin',
- 'master',
- { 'operator_login' => 'admin', 'operator_password' => 's^ecr@et.ea;R/O*=?j!.QsAu+$', 'login' => 'jaimarre', 'firstname' => 'Jean', 'lastname' => 'Aimarre', 'password' => 'adminsecret' }
- )
- # rubocop:enable Style/BracesAroundHashParameters
- expect(result.first).to include('status' => 'success')
+ context 'with ensure present' do
+ it 'creates admin account' do
+ # rubocop:disable Style/BracesAroundHashParameters
+ result = run_task(
+ 'freeipa::manage_admin',
+ 'master',
+ { 'operator_login' => 'admin', 'operator_password' => 's^ecr@et.ea;R/O*=?j!.QsAu+$', 'ensure' => 'present', 'login' => 'jaimarre', 'firstname' => 'Jean', 'lastname' => 'Aimarre', 'password' => 'adminsecret' }
+ )
+ # rubocop:enable Style/BracesAroundHashParameters
+ expect(result.first).to include('status' => 'success')
+ end
+ end
+
+ context 'with ensure absent' do
+ it 'deletes admin account' do
+ # rubocop:disable Style/BracesAroundHashParameters
+ result = run_task(
+ 'freeipa::manage_admin',
+ 'master',
+ { 'operator_login' => 'admin', 'operator_password' => 's^ecr@et.ea;R/O*=?j!.QsAu+$', 'ensure' => 'absent', 'login' => 'jaimarre' }
+ )
+ # rubocop:enable Style/BracesAroundHashParameters
+ expect(result.first).to include('status' => 'success')
+ end
 end
 end
diff --git a/tasks/create_admin.json b/tasks/create_admin.json
deleted file mode 100644
index 3a52e22eba5ee7c6eadc09644216623d651b0949..0000000000000000000000000000000000000000
--- a/tasks/create_admin.json
+++ /dev/null
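Review bot: The 'with ensure absent' example only checks the task status and silently depends on the 'with ensure present' example having created `jaimarre` on the same host first, so a deletion that did nothing would still pass. Asserting that the account is gone afterwards, or at least running the absent task a second time and expecting success again, would pin the behaviour the README now advertises; the second run would also show whether `user-del` on a missing account is treated as a failure, which cannot be verified from this diff. A short comment above the context, `# relies on the 'present' context above having created the account`, would at least make the ordering dependency explicit.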
@@ -1,31 +0,0 @@
-{
- "puppet_task_version": 1,
- "supports_noop": false,
- "description": "Create a new FreeIPA admin account",
- "parameters": {
- "operator_login": {
- "description": "FreeIPA login of operator running the task",
- "type": "String[1]"
- },
- "operator_password": {
- "description": "Password of operator running the task",
- "type": "String[1]"
- },
- "login": {
- "description": "Login name of created administrator account",
- "type": "String[1]"
- },
- "firstname": {
- "description": "First name of created administrator account",
- "type": "String[1]"
- },
- "lastname": {
- "description": "Last name of created administrator account",
- "type": "String[1]"
- },
- "password": {
- "description": "Password of created administrator account",
- "type": "String[8]"
- }
- }
-}
diff --git a/tasks/manage_admin.json b/tasks/manage_admin.json
new file mode 100644
index 0000000000000000000000000000000000000000..8e962bf85e33535022d7717d31beb79b9aa25839
--- /dev/null
+++ b/tasks/manage_admin.json
@@ -0,0 +1,35 @@
+{
+ "puppet_task_version": 1,
+ "supports_noop": false,
+ "description": "Create a new FreeIPA admin account",
+ "parameters": {
+ "operator_login": {
+ "description": "FreeIPA login of operator running the task",
+ "type": "String[1]"
+ },
+ "operator_password": {
+ "description": "Password of operator running the task",
+ "type": "String[1]"
+ },
+ "login": {
+ "description": "Login name of managed administrator account",
+ "type": "String[1]"
+ },
+ "ensure": {
+ "description": "Whether the login account should exist or not",
+ "type": "Enum['present','absent']"
+ },
+ "firstname": {
+ "description": "First name of managed administrator account",
+ "type": "Optional[String[1]]"
+ },
+ "lastname": {
+ "description": "Last name of managed administrator account",
+ "type": "Optional[String[1]]"
+ },
+ "password": {
+ "description": "Password of managed administrator account",
+ "type": "Optional[String[8]]"
+ }
+ }
+}
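Review bot: `"description": "Create a new FreeIPA admin account"` still describes only creation, while the task now takes `ensure` and the renamed script's header says it creates and deletes; `"description": "Create or delete a FreeIPA admin account"` would match, and REFERENCE.md, which mirrors this text, should be regenerated with it. `firstname`, `lastname` and `password` became `Optional` because `ensure=absent` does not need them, but they are still required for `ensure=present` and the task metadata cannot express that, so each description should say so, e.g. `"First name of managed administrator account (required when ensure is 'present')"`. Note also that the README example for deleting an account in this commit passes `ensure='present'`, which would create rather than delete.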
diff --git a/tasks/create_admin.sh b/tasks/manage_admin.sh
similarity index 81%
rename from tasks/create_admin.sh
rename to tasks/manage_admin.sh
index 9d8425edf64d94c7976ff7719ff157ba3173ed0b..61b0ed5cea8361d7b2e39e7bc1a2991ada20c2ce 100644
--- a/tasks/create_admin.sh
+++ b/tasks/manage_admin.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 #
-# Create an admin account of FreeIPA
+# Create and delete an admin account of FreeIPA
 
 KINIT_CMD='/usr/bin/kinit'
 KDESTROY_CMD='/usr/bin/kdestroy'
@@ -27,7 +27,7 @@ message() {
 msg="action '${action}' on Kerberos ticket-granting ticket has failed."
 fi
 ;;
- user-add | group-add-member)
+ user-add | group-add-member | user-del)
 if [ $status -eq 0 ]; then
 msg="action '${action}' on IPA object is done."
 else
@@ -138,6 +138,26 @@ ipa_group_add_admins() {
 fi
 }
 
+#
+# Delete user from FreeIPA
+#
+ipa_del_user() {
+ local login= retval=
+ login=$1
+
+ $IPA_CMD user-del $login
+ retval=$?
+
+ message 'user-del' $retval
+
+ if [ $retval -ne 0 ]; then
+ krb_tgt destroy
+ exit $retval
+ else
+ return $retval
+ fi
+
+}
 #
 # Main
 
@@ -147,8 +167,18 @@ is_commands_installed $USED_COMMANDS
 
 krb_tgt init $PT_operator_login $PT_operator_password
 
-ipa_add_user $PT_login $PT_firstname $PT_lastname $PT_password
-
-ipa_group_add_admins $PT_login
+case $PT_ensure in
+ present)
+ ipa_add_user $PT_login $PT_firstname $PT_lastname $PT_password
+ ipa_group_add_admins $PT_login
+ ;;
+ absent)
+ ipa_del_user $PT_login
+ ;;
+ *)
+ msg="Unexpected ensure value '${PT_ensure}'"
+ exit 1
+ ;;
+esac
 
 krb_tgt destroy
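Review bot: `$IPA_CMD user-del $login` passes the login unquoted; `$IPA_CMD user-del "$login"` keeps a value containing spaces or glob characters as a single argument, and the same applies to the unquoted `$retval` handed to `message`. The function exits the whole script on failure after destroying the ticket, which matches how the main block uses it, but whether `ipa user-del` on an already-absent account returns non-zero — which would make `ensure=absent` fail on a second run — cannot be told from this diff and is worth checking; if it does, probing with `user-show` before deleting would make the task idempotent. `krb_tgt` and `message` are defined outside the hunk.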
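Review bot: The `*)` branch assigns `msg` but nothing in the branch prints it, and it calls `exit 1` without `krb_tgt destroy`, so an invalid `ensure` leaves the operator's ticket obtained by `krb_tgt init` two lines earlier in the credential cache on the node and gives the Bolt user no error text. Validating `$PT_ensure` before `krb_tgt init` avoids both problems. The `present` branch also passes the now-optional `$PT_firstname`, `$PT_lastname` and `$PT_password` positionally and unquoted to `ipa_add_user` (defined outside the hunk), so an unset value is dropped and the remaining arguments shift into the wrong parameters; the values should be checked up front and the call quoted, `ipa_add_user "$PT_login" "$PT_firstname" "$PT_lastname" "$PT_password"`.
```shell
# Validate inputs before obtaining a ticket so no credential cache is left
# behind on an argument error.
case $PT_ensure in
  present)
    if [ -z "$PT_firstname" ] || [ -z "$PT_lastname" ] || [ -z "$PT_password" ]; then
      echo "firstname, lastname and password are required when ensure is 'present'" >&2
      exit 1
    fi
    ;;
  absent)
    ;;
  *)
    echo "Unexpected ensure value '${PT_ensure}'" >&2
    exit 1
    ;;
esac

krb_tgt init $PT_operator_login $PT_operator_password

# … unchanged: case on $PT_ensure running ipa_add_user/ipa_group_add_admins or ipa_del_user, now without the `*)` branch; krb_tgt destroy …
```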