diff --git a/roles/ad-dc/tasks/main.yaml b/roles/ad-dc/tasks/main.yaml
index fdde98d..39aeda0 100644
--- a/roles/ad-dc/tasks/main.yaml
+++ b/roles/ad-dc/tasks/main.yaml
@@ -94,3 +94,45 @@
 dest_path: target/ca.crt
 format: pem
 delegate_to: localhost
+
+# Create users and groups used by the OPA ad-ad-userinfo test
+
+- name: Create Superset Admins group
+ microsoft.ad.group:
+ name: Superset Admins
+ scope: global
+ state: present
+
+- name: Create user alice
+ microsoft.ad.user:
+ name: alice
+ sam_account_name: sam-alice # different than upn prefix (name)
+ password: Asdf1234
+ enabled: true
+ upn: "alice@{{ ansible_facts.domain | lower }}"
+ groups:
+ set:
+ - Domain Users
+ - Superset Admins
+
+- name: Create user bob
+ microsoft.ad.user:
+ name: bob
+ sam_account_name: bob # same as upn prefix (name)
+ password: Asdf1234
+ enabled: true
+ upn: "bob@{{ ansible_facts.domain | upper }}"
+ groups:
+ set:
+ - Domain Users
+
+- name: Create user charlie
+ microsoft.ad.user:
+ name: charlie
+ sam_account_name: charlie
+ password: Asdf1234
+ enabled: true
+ upn: "charlie@custom.test" # custom suffix
+ groups:
+ set:
+ - Domain Users
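Review bot: The three `microsoft.ad.user` tasks (alice, bob, charlie) commit the same literal password `Asdf1234` to the repository, and alice is also placed in `Superset Admins`, so these accounts are only as safe as the network isolation of the domain controller this role builds. If the DC is strictly a throwaway test fixture that may be acceptable, but I would still read the value from a variable, e.g. `password: "{{ ad_test_user_password }}"` (placeholder name, not defined on this page), and extend the leading comment to say the accounts are test-only and must not be created in a shared or long-lived domain. Because `update_password` in `microsoft.ad.user` defaults to `always`, every run also resets the password and reports a change; adding `update_password: on_create` to each task keeps the play idempotent and avoids silently overwriting a password that was rotated later.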