diff --git a/plugins/modules/ipasudorule.py b/plugins/modules/ipasudorule.py
index 6ad791ded0bbfb9f7bbdff53b7ec8ce9f6bf8292..5ce9afc732d0efeac841a0742fc3dd6b4fb78e55 100644
--- a/plugins/modules/ipasudorule.py
+++ b/plugins/modules/ipasudorule.py
@@ -297,17 +297,19 @@ def main():
     hostcategory = ansible_module.params_get("hostcategory")  # noqa
     nomembers = ansible_module.params_get("nomembers")  # noqa
     host = ansible_module.params_get("host")
-    hostgroup = ansible_module.params_get("hostgroup")
-    user = ansible_module.params_get("user")
-    group = ansible_module.params_get("group")
+    hostgroup = ansible_module.params_get_lowercase("hostgroup")
+    user = ansible_module.params_get_lowercase("user")
+    group = ansible_module.params_get_lowercase("group")
     allow_sudocmd = ansible_module.params_get('allow_sudocmd')
-    allow_sudocmdgroup = ansible_module.params_get('allow_sudocmdgroup')
+    allow_sudocmdgroup = \
+        ansible_module.params_get_lowercase('allow_sudocmdgroup')
     deny_sudocmd = ansible_module.params_get('deny_sudocmd')
-    deny_sudocmdgroup = ansible_module.params_get('deny_sudocmdgroup')
+    deny_sudocmdgroup = \
+        ansible_module.params_get_lowercase('deny_sudocmdgroup')
     sudooption = ansible_module.params_get("sudooption")
     order = ansible_module.params_get("order")
-    runasuser = ansible_module.params_get("runasuser")
-    runasgroup = ansible_module.params_get("runasgroup")
+    runasuser = ansible_module.params_get_lowercase("runasuser")
+    runasgroup = ansible_module.params_get_lowercase("runasgroup")
     action = ansible_module.params_get("action")
 
     # state
@@ -383,6 +385,17 @@ def main():
             )
 
         commands = []
+        host_add, host_del = [], []
+        user_add, user_del = [], []
+        group_add, group_del = [], []
+        hostgroup_add, hostgroup_del = [], []
+        allow_cmd_add, allow_cmd_del = [], []
+        allow_cmdgroup_add, allow_cmdgroup_del = [], []
+        deny_cmd_add, deny_cmd_del = [], []
+        deny_cmdgroup_add, deny_cmdgroup_del = [], []
+        sudooption_add, sudooption_del = [], []
+        runasuser_add, runasuser_del = [], []
+        runasgroup_add, runasgroup_del = [], []
 
         for name in names:
             # Make sure sudorule exists
@@ -487,95 +500,11 @@ def main():
                     runasgroup_add, runasgroup_del = gen_add_del_lists(
                         runasgroup,
                         (
-                            res_find.get('ipasudorunas_group', [])
+                            res_find.get('ipasudorunasgroup_group', [])
                             + res_find.get('ipasudorunasextgroup', [])
                         )
                     )
 
-                    # Add hosts and hostgroups
-                    if len(host_add) > 0 or len(hostgroup_add) > 0:
-                        commands.append([name, "sudorule_add_host",
-                                         {
-                                             "host": host_add,
-                                             "hostgroup": hostgroup_add,
-                                         }])
-                    # Remove hosts and hostgroups
-                    if len(host_del) > 0 or len(hostgroup_del) > 0:
-                        commands.append([name, "sudorule_remove_host",
-                                         {
-                                             "host": host_del,
-                                             "hostgroup": hostgroup_del,
-                                         }])
-
-                    # Add users and groups
-                    if len(user_add) > 0 or len(group_add) > 0:
-                        commands.append([name, "sudorule_add_user",
-                                         {
-                                             "user": user_add,
-                                             "group": group_add,
-                                         }])
-                    # Remove users and groups
-                    if len(user_del) > 0 or len(group_del) > 0:
-                        commands.append([name, "sudorule_remove_user",
-                                         {
-                                             "user": user_del,
-                                             "group": group_del,
-                                         }])
-
-                    # Add commands allowed
-                    if len(allow_cmd_add) > 0 or len(allow_cmdgroup_add) > 0:
-                        commands.append([name, "sudorule_add_allow_command",
-                                         {"sudocmd": allow_cmd_add,
-                                          "sudocmdgroup": allow_cmdgroup_add,
-                                          }])
-
-                    if len(allow_cmd_del) > 0 or len(allow_cmdgroup_del) > 0:
-                        commands.append([name, "sudorule_remove_allow_command",
-                                         {"sudocmd": allow_cmd_del,
-                                          "sudocmdgroup": allow_cmdgroup_del
-                                          }])
-
-                    # Add commands denied
-                    if len(deny_cmd_add) > 0 or len(deny_cmdgroup_add) > 0:
-                        commands.append([name, "sudorule_add_deny_command",
-                                         {"sudocmd": deny_cmd_add,
-                                          "sudocmdgroup": deny_cmdgroup_add,
-                                          }])
-
-                    if len(deny_cmd_del) > 0 or len(deny_cmdgroup_del) > 0:
-                        commands.append([name, "sudorule_remove_deny_command",
-                                         {"sudocmd": deny_cmd_del,
-                                          "sudocmdgroup": deny_cmdgroup_del
-                                          }])
-
-                    # Add RunAS Users
-                    if len(runasuser_add) > 0:
-                        commands.append([name, "sudorule_add_runasuser",
-                                         {"user": runasuser_add}])
-                    # Remove RunAS Users
-                    if len(runasuser_del) > 0:
-                        commands.append([name, "sudorule_remove_runasuser",
-                                         {"user": runasuser_del}])
-
-                    # Add RunAS Groups
-                    if len(runasgroup_add) > 0:
-                        commands.append([name, "sudorule_add_runasgroup",
-                                         {"group": runasgroup_add}])
-                    # Remove RunAS Groups
-                    if len(runasgroup_del) > 0:
-                        commands.append([name, "sudorule_remove_runasgroup",
-                                         {"group": runasgroup_del}])
-
-                    # Add sudo options
-                    for sudoopt in sudooption_add:
-                        commands.append([name, "sudorule_add_option",
-                                         {"ipasudoopt": sudoopt}])
-
-                    # Remove sudo options
-                    for sudoopt in sudooption_del:
-                        commands.append([name, "sudorule_remove_option",
-                                         {"ipasudoopt": sudoopt}])
-
                 elif action == "member":
                     if res_find is None:
                         ansible_module.fail_json(msg="No sudorule '%s'" % name)
@@ -585,56 +514,47 @@ def main():
                     # deny_sudocmdgroup, sudooption, runasuser, runasgroup
                     # and res_find to only try to add the items that not in
                     # the sudorule already
-                    if host is not None and \
-                       "memberhost_host" in res_find:
-                        host = gen_add_list(
-                            host, res_find["memberhost_host"])
-                    if hostgroup is not None and \
-                       "memberhost_hostgroup" in res_find:
-                        hostgroup = gen_add_list(
-                            hostgroup, res_find["memberhost_hostgroup"])
-                    if user is not None and \
-                       "memberuser_user" in res_find:
-                        user = gen_add_list(
-                            user, res_find["memberuser_user"])
-                    if group is not None and \
-                       "memberuser_group" in res_find:
-                        group = gen_add_list(
-                            group, res_find["memberuser_group"])
-                    if allow_sudocmd is not None and \
-                       "memberallowcmd_sudocmd" in res_find:
-                        allow_sudocmd = gen_add_list(
-                            allow_sudocmd, res_find["memberallowcmd_sudocmd"])
-                    if allow_sudocmdgroup is not None and \
-                       "memberallowcmd_sudocmdgroup" in res_find:
-                        allow_sudocmdgroup = gen_add_list(
+                    if host is not None:
+                        host_add = gen_add_list(
+                            host, res_find.get("memberhost_host"))
+                    if hostgroup is not None:
+                        hostgroup_add = gen_add_list(
+                            hostgroup, res_find.get("memberhost_hostgroup"))
+                    if user is not None:
+                        user_add = gen_add_list(
+                            user, res_find.get("memberuser_user"))
+                    if group is not None:
+                        group_add = gen_add_list(
+                            group, res_find.get("memberuser_group"))
+                    if allow_sudocmd is not None:
+                        allow_cmd_add = gen_add_list(
+                            allow_sudocmd,
+                            res_find.get("memberallowcmd_sudocmd")
+                        )
+                    if allow_sudocmdgroup is not None:
+                        allow_cmdgroup_add = gen_add_list(
                             allow_sudocmdgroup,
-                            res_find["memberallowcmd_sudocmdgroup"])
-                    if deny_sudocmd is not None and \
-                       "memberdenycmd_sudocmd" in res_find:
-                        deny_sudocmd = gen_add_list(
-                            deny_sudocmd, res_find["memberdenycmd_sudocmd"])
-                    if deny_sudocmdgroup is not None and \
-                       "memberdenycmd_sudocmdgroup" in res_find:
-                        deny_sudocmdgroup = gen_add_list(
+                            res_find.get("memberallowcmd_sudocmdgroup")
+                        )
+                    if deny_sudocmd is not None:
+                        deny_cmd_add = gen_add_list(
+                            deny_sudocmd,
+                            res_find.get("memberdenycmd_sudocmd")
+                        )
+                    if deny_sudocmdgroup is not None:
+                        deny_cmdgroup_add = gen_add_list(
                             deny_sudocmdgroup,
-                            res_find["memberdenycmd_sudocmdgroup"])
-                    if sudooption is not None and \
-                       "ipasudoopt" in res_find:
-                        sudooption = gen_add_list(
-                            sudooption, res_find["ipasudoopt"])
+                            res_find("memberdenycmd_sudocmdgroup")
+                        )
+                    if sudooption is not None:
+                        sudooption_add = gen_add_list(
+                            sudooption, res_find.get("ipasudoopt"))
                     # runasuser attribute can be used with both IPA and
                     # non-IPA (external) users, so we need to compare
                     # the provided list against both users and external
                     # users list.
-                    if (
-                        runasuser is not None
-                        and (
-                            "ipasudorunas_user" in res_find
-                            or "ipasudorunasextuser" in res_find
-                        )
-                    ):
-                        runasuser = gen_add_list(
+                    if runasuser is not None:
+                        runasuser_add = gen_add_list(
                             runasuser,
                             (list(res_find.get('ipasudorunas_user', []))
                              + list(res_find.get('ipasudorunasextuser', [])))
@@ -643,69 +563,13 @@ def main():
                     # non-IPA (external) groups, so we need to compare
                     # the provided list against both users and external
                     # groups list.
-                    if (
-                        runasgroup is not None
-                        and (
-                            "ipasudorunasgroup_group" in res_find
-                            or "ipasudorunasextgroup" in res_find
-                        )
-                    ):
-                        runasgroup = gen_add_list(
+                    if runasgroup is not None:
+                        runasgroup_add = gen_add_list(
                             runasgroup,
                             (list(res_find.get("ipasudorunasgroup_group", []))
                              + list(res_find.get("ipasudorunasextgroup", [])))
                         )
 
-                    # Add hosts and hostgroups
-                    if host is not None or hostgroup is not None:
-                        commands.append([name, "sudorule_add_host",
-                                         {
-                                             "host": host,
-                                             "hostgroup": hostgroup,
-                                         }])
-
-                    # Add users and groups
-                    if user is not None or group is not None:
-                        commands.append([name, "sudorule_add_user",
-                                         {
-                                             "user": user,
-                                             "group": group,
-                                         }])
-
-                    # Add commands
-                    if allow_sudocmd is not None \
-                       or allow_sudocmdgroup is not None:
-                        commands.append([name, "sudorule_add_allow_command",
-                                         {"sudocmd": allow_sudocmd,
-                                          "sudocmdgroup": allow_sudocmdgroup,
-                                          }])
-
-                    # Add commands
-                    if deny_sudocmd is not None \
-                       or deny_sudocmdgroup is not None:
-                        commands.append([name, "sudorule_add_deny_command",
-                                         {"sudocmd": deny_sudocmd,
-                                          "sudocmdgroup": deny_sudocmdgroup,
-                                          }])
-
-                    # Add RunAS Users
-                    if runasuser is not None and len(runasuser) > 0:
-                        commands.append([name, "sudorule_add_runasuser",
-                                         {"user": runasuser}])
-
-                    # Add RunAS Groups
-                    if runasgroup is not None and len(runasgroup) > 0:
-                        commands.append([name, "sudorule_add_runasgroup",
-                                         {"group": runasgroup}])
-
-                    # Add options
-                    if sudooption is not None:
-                        existing_opts = res_find.get('ipasudoopt', [])
-                        for sudoopt in sudooption:
-                            if sudoopt not in existing_opts:
-                                commands.append([name, "sudorule_add_option",
-                                                 {"ipasudoopt": sudoopt}])
-
             elif state == "absent":
                 if action == "sudorule":
                     if res_find is not None:
@@ -721,153 +585,70 @@ def main():
                     # and res_find to only try to remove the items that are
                     # in sudorule
                     if host is not None:
-                        if "memberhost_host" in res_find:
-                            host = gen_intersection_list(
-                                host, res_find["memberhost_host"])
-                        else:
-                            host = None
+                        host_del = gen_intersection_list(
+                            host, res_find.get("memberhost_host"))
+
                     if hostgroup is not None:
-                        if "memberhost_hostgroup" in res_find:
-                            hostgroup = gen_intersection_list(
-                                hostgroup, res_find["memberhost_hostgroup"])
-                        else:
-                            hostgroup = None
+                        hostgroup_del = gen_intersection_list(
+                            hostgroup, res_find.get("memberhost_hostgroup"))
+
                     if user is not None:
-                        if "memberuser_user" in res_find:
-                            user = gen_intersection_list(
-                                user, res_find["memberuser_user"])
-                        else:
-                            user = None
+                        user_del = gen_intersection_list(
+                            user, res_find.get("memberuser_user"))
+
                     if group is not None:
-                        if "memberuser_group" in res_find:
-                            group = gen_intersection_list(
-                                group, res_find["memberuser_group"])
-                        else:
-                            group = None
+                        group_del = gen_intersection_list(
+                            group, res_find.get("memberuser_group"))
+
                     if allow_sudocmd is not None:
-                        if "memberallowcmd_sudocmd" in res_find:
-                            allow_sudocmd = gen_intersection_list(
-                                allow_sudocmd,
-                                res_find["memberallowcmd_sudocmd"])
-                        else:
-                            allow_sudocmd = None
+                        allow_cmd_del = gen_intersection_list(
+                            allow_sudocmd,
+                            res_find.get("memberallowcmd_sudocmd")
+                        )
                     if allow_sudocmdgroup is not None:
-                        if "memberallowcmd_sudocmdgroup" in res_find:
-                            allow_sudocmdgroup = gen_intersection_list(
-                                allow_sudocmdgroup,
-                                res_find["memberallowcmd_sudocmdgroup"])
-                        else:
-                            allow_sudocmdgroup = None
+                        allow_cmdgroup_del = gen_intersection_list(
+                            allow_sudocmdgroup,
+                            res_find.get("memberallowcmd_sudocmdgroup")
+                        )
                     if deny_sudocmd is not None:
-                        if "memberdenycmd_sudocmd" in res_find:
-                            deny_sudocmd = gen_intersection_list(
-                                deny_sudocmd,
-                                res_find["memberdenycmd_sudocmd"])
-                        else:
-                            deny_sudocmd = None
+                        deny_cmd_del = gen_intersection_list(
+                            deny_sudocmd,
+                            res_find.get("memberdenycmd_sudocmd")
+                        )
                     if deny_sudocmdgroup is not None:
-                        if "memberdenycmd_sudocmdgroup" in res_find:
-                            deny_sudocmdgroup = gen_intersection_list(
-                                deny_sudocmdgroup,
-                                res_find["memberdenycmd_sudocmdgroup"])
-                        else:
-                            deny_sudocmdgroup = None
+                        deny_cmdgroup_del = gen_intersection_list(
+                            deny_sudocmdgroup,
+                            res_find.get("memberdenycmd_sudocmdgroup")
+                        )
                     if sudooption is not None:
-                        if "ipasudoopt" in res_find:
-                            sudooption = gen_intersection_list(
-                                sudooption, res_find["ipasudoopt"])
-                        else:
-                            sudooption = None
+                        sudooption_del = gen_intersection_list(
+                            sudooption, res_find.get("ipasudoopt"))
                     # runasuser attribute can be used with both IPA and
                     # non-IPA (external) users, so we need to compare
                     # the provided list against both users and external
                     # users list.
                     if runasuser is not None:
-                        if (
-                            "ipasudorunas_user" in res_find
-                            or "ipasudorunasextuser" in res_find
-                        ):
-                            runasuser = gen_intersection_list(
-                                runasuser,
-                                (
-                                    list(res_find.get('ipasudorunas_user', []))
-                                    + list(res_find.get(
-                                        'ipasudorunasextuser', []))
-                                )
+                        runasuser_del = gen_intersection_list(
+                            runasuser,
+                            (
+                                list(res_find.get('ipasudorunas_user', []))
+                                + list(res_find.get('ipasudorunasextuser', []))
                             )
-                        else:
-                            runasuser = None
+                        )
                     # runasgroup attribute can be used with both IPA and
                     # non-IPA (external) groups, so we need to compare
                     # the provided list against both groups and external
                     # groups list.
                     if runasgroup is not None:
-                        if (
-                            "ipasudorunasgroup_group" in res_find
-                            or "ipasudorunasextgroup" in res_find
-                        ):
-                            runasgroup = gen_intersection_list(
-                                runasgroup,
-                                (
-                                    list(res_find.get(
-                                        "ipasudorunasgroup_group", []))
-                                    + list(res_find.get(
-                                        "ipasudorunasextgroup", []))
-                                )
+                        runasgroup_del = gen_intersection_list(
+                            runasgroup,
+                            (
+                                list(res_find.get(
+                                    "ipasudorunasgroup_group", []))
+                                + list(res_find.get(
+                                    "ipasudorunasextgroup", []))
                             )
-                        else:
-                            runasgroup = None
-
-                    # Remove hosts and hostgroups
-                    if host is not None or hostgroup is not None:
-                        commands.append([name, "sudorule_remove_host",
-                                         {
-                                             "host": host,
-                                             "hostgroup": hostgroup,
-                                         }])
-
-                    # Remove users and groups
-                    if user is not None or group is not None:
-                        commands.append([name, "sudorule_remove_user",
-                                         {
-                                             "user": user,
-                                             "group": group,
-                                         }])
-
-                    # Remove allow commands
-                    if allow_sudocmd is not None \
-                       or allow_sudocmdgroup is not None:
-                        commands.append([name, "sudorule_remove_allow_command",
-                                         {"sudocmd": allow_sudocmd,
-                                          "sudocmdgroup": allow_sudocmdgroup
-                                          }])
-
-                    # Remove deny commands
-                    if deny_sudocmd is not None \
-                       or deny_sudocmdgroup is not None:
-                        commands.append([name, "sudorule_remove_deny_command",
-                                         {"sudocmd": deny_sudocmd,
-                                          "sudocmdgroup": deny_sudocmdgroup
-                                          }])
-
-                    # Remove RunAS Users
-                    if runasuser is not None:
-                        commands.append([name, "sudorule_remove_runasuser",
-                                         {"user": runasuser}])
-
-                    # Remove RunAS Groups
-                    if runasgroup is not None:
-                        commands.append([name, "sudorule_remove_runasgroup",
-                                         {"group": runasgroup}])
-
-                    # Remove options
-                    if sudooption is not None:
-                        existing_opts = res_find.get('ipasudoopt', [])
-                        for sudoopt in sudooption:
-                            if sudoopt in existing_opts:
-                                commands.append([name,
-                                                 "sudorule_remove_option",
-                                                 {"ipasudoopt": sudoopt}])
+                        )
 
             elif state == "enabled":
                 if res_find is None:
@@ -892,6 +673,99 @@ def main():
             else:
                 ansible_module.fail_json(msg="Unkown state '%s'" % state)
 
+            # Manage members.
+            # Manage hosts and hostgroups
+            if host_add or hostgroup_add:
+                commands.append([name, "sudorule_add_host",
+                                 {
+                                     "host": host_add,
+                                     "hostgroup": hostgroup_add,
+                                 }])
+            if host_del or hostgroup_del:
+                commands.append([name, "sudorule_remove_host",
+                                 {
+                                     "host": host_del,
+                                     "hostgroup": hostgroup_del,
+                                 }])
+
+            # Manage users and groups
+            if user_add or group_add:
+                commands.append([
+                    name, "sudorule_add_user",
+                    {"user": user_add, "group": group_add}
+                ])
+            if user_del or group_del:
+                commands.append([
+                    name, "sudorule_remove_user",
+                    {"user": user_del, "group": group_del}
+                ])
+
+            # Manage commands allowed
+            if allow_cmd_add or allow_cmdgroup_add:
+                commands.append([
+                    name, "sudorule_add_allow_command",
+                    {
+                        "sudocmd": allow_cmd_add,
+                        "sudocmdgroup": allow_cmdgroup_add,
+                    }
+                ])
+            if allow_cmd_del or allow_cmdgroup_del:
+                commands.append([
+                    name, "sudorule_remove_allow_command",
+                    {
+                        "sudocmd": allow_cmd_del,
+                        "sudocmdgroup": allow_cmdgroup_del
+                    }
+                ])
+            # Manage commands denied
+            if deny_cmd_add or deny_cmdgroup_add:
+                commands.append([
+                    name, "sudorule_add_deny_command",
+                    {
+                        "sudocmd": deny_cmd_add,
+                        "sudocmdgroup": deny_cmdgroup_add,
+                    }
+                ])
+            if deny_cmd_del or deny_cmdgroup_del:
+                commands.append([
+                    name, "sudorule_remove_deny_command",
+                    {
+                        "sudocmd": deny_cmd_del,
+                        "sudocmdgroup": deny_cmdgroup_del
+                    }
+                ])
+            # Manage RunAS users
+            if runasuser_add:
+                commands.append([
+                    name, "sudorule_add_runasuser", {"user": runasuser_add}
+                ])
+            if runasuser_del:
+                commands.append([
+                    name, "sudorule_remove_runasuser", {"user": runasuser_del}
+                ])
+
+            # Manage RunAS Groups
+            if runasgroup_add:
+                commands.append([
+                    name, "sudorule_add_runasgroup", {"group": runasgroup_add}
+                ])
+            if runasgroup_del:
+                commands.append([
+                    name, "sudorule_remove_runasgroup",
+                    {"group": runasgroup_del}
+                ])
+            # Manage sudo options
+            if sudooption_add:
+                for option in sudooption_add:
+                    commands.append([
+                        name, "sudorule_add_option", {"ipasudoopt": option}
+                    ])
+            if sudooption_del:
+                for option in sudooption_del:
+                    commands.append([
+                        name, "sudorule_remove_option", {"ipasudoopt": option}
+                    ])
+
         # Execute commands
 
         changed = ansible_module.execute_ipa_commands(
diff --git a/tests/sudorule/test_sudorule_member_case_insensitive.yml b/tests/sudorule/test_sudorule_member_case_insensitive.yml
new file mode 100644
index 0000000000000000000000000000000000000000..ec1507afa61917d77f16f41e242cd5fcb767561a
--- /dev/null
+++ b/tests/sudorule/test_sudorule_member_case_insensitive.yml
@@ -0,0 +1,290 @@
+---
+- name: Test sudorule members should be case insensitive.
+  hosts: "{{ ipa_test_host | default('ipaserver') }}"
+  become: no
+  gather_facts: no
+
+  vars:
+    groups_present:
+      - eleMENT1
+      - Element2
+      - eLeMenT3
+      - ElemENT4
+
+
+  tasks:
+  - block:
+    # SETUP
+    - name: Ensure domain name
+      set_fact:
+        ipa_domain: ipa.test
+      when: ipa_domain is not defined
+
+    - name: Ensure test groups exist.
+      ipagroup:
+        ipaadmin_password: SomeADMINpassword
+        name: "{{ item }}"
+      loop: "{{ groups_present }}"
+
+    - name: Ensure test hostgroups exist.
+      ipahostgroup:
+        ipaadmin_password: SomeADMINpassword
+        name: "{{ item }}"
+      loop: "{{ groups_present }}"
+
+    - name: Ensure test hosts exist.
+      ipahost:
+        ipaadmin_password: SomeADMINpassword
+        name: "{{ item }}.{{ ipa_domain }}"
+        force: yes
+      loop: "{{ groups_present }}"
+
+    - name: Ensure test users exist.
+      ipauser:
+        ipaadmin_password: SomeADMINpassword
+        name: "user{{ item }}"
+        first: "{{ item }}"
+        last: "{{ item }}"
+      loop: "{{ groups_present }}"
+
+    - name: Ensure sudorule do not exist
+      ipasudorule:
+        ipaadmin_password: SomeADMINpassword
+        name: "{{ item }}"
+        state: absent
+      loop: "{{ groups_present }}"
+
+    # TESTS
+    - name: Start tests.
+      debug:
+        msg: "Tests are starting."
+
+    - name: Ensure sudorule exist with runasusers members
+      ipasudorule:
+        ipaadmin_password: SomeADMINpassword
+        name: "{{ item }}"
+        cmdcategory: all
+        runasuser: "user{{ item }}"
+      loop: "{{ groups_present }}"
+      register: result
+      failed_when: result.failed or not result.changed
+
+    - name: Ensure sudorule exist with lowercase runasusers members
+      ipasudorule:
+        ipaadmin_password: SomeADMINpassword
+        name: "{{ item }}"
+        cmdcategory: all
+        runasuser: "user{{ item | lower }}"
+      loop: "{{ groups_present }}"
+      register: result
+      failed_when: result.failed or result.changed
+
+    - name: Ensure sudorule exist with uppercase runasusers members
+      ipasudorule:
+        ipaadmin_password: SomeADMINpassword
+        name: "{{ item }}"
+        cmdcategory: all
+        runasuser: "user{{ item | upper }}"
+      loop: "{{ groups_present }}"
+      register: result
+      failed_when: result.failed or result.changed
+
+    - name: Ensure sudorule exist with runasgroup members
+      ipasudorule:
+        ipaadmin_password: SomeADMINpassword
+        name: "{{ item }}"
+        cmdcategory: all
+        runasgroup: "{{ item }}"
+      loop: "{{ groups_present }}"
+      register: result
+      failed_when: result.failed or not result.changed
+
+    - name: Ensure sudorule exist with lowercase runasgroup members
+      ipasudorule:
+        ipaadmin_password: SomeADMINpassword
+        name: "{{ item }}"
+        cmdcategory: all
+        runasgroup: "{{ item | lower }}"
+      loop: "{{ groups_present }}"
+      register: result
+      failed_when: result.failed or result.changed
+
+    - name: Ensure sudorule exist with uppercase runasgroup members
+      ipasudorule:
+        ipaadmin_password: SomeADMINpassword
+        name: "{{ item }}"
+        cmdcategory: all
+        runasgroup: "{{ item | upper }}"
+      loop: "{{ groups_present }}"
+      register: result
+      failed_when: result.failed or result.changed
+
+    - name: Ensure sudorule do not exist
+      ipasudorule:
+        ipaadmin_password: SomeADMINpassword
+        name: "{{ item }}"
+        state: absent
+      loop: "{{ groups_present }}"
+
+    #####
+
+    - name: Ensure sudorule exist with members
+      ipasudorule:
+        ipaadmin_password: SomeADMINpassword
+        name: "{{ item }}"
+        cmdcategory: all
+        hostgroup: "{{ item }}"
+        host: "{{ item }}.{{ ipa_domain }}"
+        group: "{{ item }}"
+        user: "user{{ item }}"
+      loop: "{{ groups_present }}"
+      register: result
+      failed_when: result.failed or not result.changed
+
+    - name: Ensure sudorule exist with members, lowercase
+      ipasudorule:
+        ipaadmin_password: SomeADMINpassword
+        name: "{{ item }}"
+        cmdcategory: all
+        hostgroup: "{{ item  | lower }}"
+        host: "{{ item  | lower }}.{{ ipa_domain }}"
+        group: "{{ item  | lower }}"
+        user: "user{{ item  | lower }}"
+      loop: "{{ groups_present }}"
+      register: result
+      failed_when: result.failed or result.changed
+
+    - name: Ensure sudorule exist with members, uppercase
+      ipasudorule:
+        ipaadmin_password: SomeADMINpassword
+        name: "{{ item }}"
+        cmdcategory: all
+        hostgroup: "{{ item  | upper }}"
+        host: "{{ item  | upper }}.{{ ipa_domain }}"
+        group: "{{ item  | upper }}"
+        user: "user{{ item  | upper }}"
+      loop: "{{ groups_present }}"
+      register: result
+      failed_when: result.failed or result.changed
+
+    - name: Ensure sudorule member is absent
+      ipasudorule:
+        ipaadmin_password: SomeADMINpassword
+        name: "{{ item }}"
+        hostgroup: "{{ item }}"
+        host: "{{ item }}.{{ ipa_domain }}"
+        group: "{{ item }}"
+        user: "user{{ item }}"
+        action: member
+        state: absent
+      loop: "{{ groups_present }}"
+      register: result
+      failed_when: result.failed or not result.changed
+
+    - name: Ensure sudorule member is absent, lowercase
+      ipasudorule:
+        ipaadmin_password: SomeADMINpassword
+        name: "{{ item }}"
+        hostgroup: "{{ item  | lower }}"
+        host: "{{ item  | lower }}.{{ ipa_domain }}"
+        group: "{{ item  | lower }}"
+        user: "user{{ item  | lower }}"
+        action: member
+        state: absent
+      loop: "{{ groups_present }}"
+      register: result
+      failed_when: result.failed or result.changed
+
+    - name: Ensure sudorule member is absent, upercase
+      ipasudorule:
+        ipaadmin_password: SomeADMINpassword
+        name: "{{ item }}"
+        hostgroup: "{{ item  | upper }}"
+        host: "{{ item  | upper }}.{{ ipa_domain }}"
+        group: "{{ item  | upper }}"
+        user: "user{{ item  | upper }}"
+        action: member
+        state: absent
+      loop: "{{ groups_present }}"
+      register: result
+      failed_when: result.failed or result.changed
+
+    - name: Ensure sudorule member is present, upercase
+      ipasudorule:
+        ipaadmin_password: SomeADMINpassword
+        name: "{{ item }}"
+        hostgroup: "{{ item  | upper }}"
+        host: "{{ item  | upper }}.{{ ipa_domain }}"
+        group: "{{ item  | upper }}"
+        user: "user{{ item  | upper }}"
+        action: member
+      loop: "{{ groups_present }}"
+      register: result
+      failed_when: result.failed or not result.changed
+
+    - name: Ensure sudorule member is present, lowercase
+      ipasudorule:
+        ipaadmin_password: SomeADMINpassword
+        name: "{{ item }}"
+        hostgroup: "{{ item  | lower }}"
+        host: "{{ item  | lower }}.{{ ipa_domain }}"
+        group: "{{ item  | lower }}"
+        user: "user{{ item  | lower }}"
+        action: member
+      loop: "{{ groups_present }}"
+      register: result
+      failed_when: result.failed or result.changed
+
+    - name: Ensure sudorule member is present, mixed case
+      ipasudorule:
+        ipaadmin_password: SomeADMINpassword
+        name: "{{ item }}"
+        hostgroup: "{{ item }}"
+        host: "{{ item }}.{{ ipa_domain }}"
+        group: "{{ item }}"
+        user: "user{{ item }}"
+        action: member
+      loop: "{{ groups_present }}"
+      register: result
+      failed_when: result.failed or result.changed
+
+    - name: End tests.
+      debug:
+        msg: "All tests executed."
+
+    always:
+    # cleanup
+    - name: Ensure sudorule do not exist
+      ipasudorule:
+        ipaadmin_password: SomeADMINpassword
+        name: "{{ item }}"
+        state: absent
+      loop: "{{ groups_present }}"
+
+    - name: Ensure test groups do not exist.
+      ipagroup:
+        ipaadmin_password: SomeADMINpassword
+        name: "{{ item }}"
+        state: absent
+      loop: "{{ groups_present }}"
+
+    - name: Ensure test hostgroups do not exist.
+      ipahostgroup:
+        ipaadmin_password: SomeADMINpassword
+        name: "{{ item }}"
+        state: absent
+      loop: "{{ groups_present }}"
+
+    - name: Ensure test hosts do not exist.
+      ipahost:
+        ipaadmin_password: SomeADMINpassword
+        name: "{{ item }}.{{ ipa_domain }}"
+        state: absent
+      loop: "{{ groups_present }}"
+
+    - name: Ensure test users do not exist.
+      ipauser:
+        ipaadmin_password: SomeADMINpassword
+        name: "user{{ item }}"
+        state: absent
+      loop: "{{ groups_present }}"