diff --git a/roles/sssd_ad_auth/defaults/main.yml b/roles/sssd_ad_auth/defaults/main.yml
index b5161d8..9007d14 100644
--- a/roles/sssd_ad_auth/defaults/main.yml
+++ b/roles/sssd_ad_auth/defaults/main.yml
@@ -14,6 +14,9 @@ ad_gpo_access_control: permissive
 # If set to True, ansible will re join the host to the domain
 ad_force_join: False
 
+# Set to false to disable dyndns update
+ad_dyndns_update: True
+
 # sssd doesn't support cross forest approbations, but we can add the Linux box to the other domains
 ad_trusted_domains: "{{ samba_trusted_domains | default([]) }}"
 # ad_trusted_domains:
diff --git a/roles/sssd_ad_auth/templates/sssd.conf.j2 b/roles/sssd_ad_auth/templates/sssd.conf.j2
index ecf8a09..43b89ac 100644
--- a/roles/sssd_ad_auth/templates/sssd.conf.j2
+++ b/roles/sssd_ad_auth/templates/sssd.conf.j2
@@ -33,6 +33,9 @@ ad_maximum_machine_account_password_age = 0
 enumerate = true
 {% endif %}
 ad_gpo_access_control = {{ ad_gpo_access_control }}
+{% if not ad_dyndns_update %}
+dyndns_update = false
+{% endif %}
 
 {% for domain in ad_trusted_domains %}