diff --git a/README.md b/README.md
index b0fea88..a23d66e 100644
--- a/README.md
+++ b/README.md
@@ -223,6 +223,38 @@ resource can override this value. There are 2 valid states:
 
 The default is `true`.
 
+### <a name="attributes-on-group-missing"></a> on_group_missing
+
+This determines the result if a user is added to a group that does not exist.
+Options are:
+
+<table>
+  <thead>
+    <tr>
+      <th>Option</th>
+      <th>Action</th>
+      <th>Default</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>create</td>
+      <td>Create the group.</td>
+      <td>Yes 
+    </tr>
+    <tr>
+      <td>ignore</td>
+      <td>Create the user as usual, but ignore the fact that he was requested to be added to this group.</td>
+      <td></td>
+    </tr>
+    <tr>
+      <td>fail</td>
+      <td>Raise an Exception</td>
+      <td></td>
+    </tr>
+  </tbody>
+</table>
+
 ### <a name="attributes-data-bag-name"></a> data_bag_name
 
 The data bag name containing a group of user account information. This is used
@@ -375,6 +407,11 @@ this by installing the "libshadow-ruby1.8" package.
       <td>Whether or not to generate an SSH keypair for the user.</td>
       <td><code>node['user']['ssh_keygen']</code></td>
     </tr>
+    <tr>
+      <td>groups</td>
+      <td>An Array of groups to which to add the user.</td>
+      <td><code>[]</code></td>
+    </tr>
   </tbody>
 </table>
 
diff --git a/attributes/default.rb b/attributes/default.rb
index 4cc667c..7f7b0c8 100644
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -46,5 +46,6 @@
 
 default['user']['data_bag_name']        = "users"
 default['user']['user_array_node_attr'] = "users"
+default['user']['on_group_missing']     = "create"
 
 default[default['user']['user_array_node_attr']] = []
diff --git a/metadata.rb b/metadata.rb
index 2eb13bb..6b135bd 100644
--- a/metadata.rb
+++ b/metadata.rb
@@ -4,7 +4,7 @@
 license          "Apache 2.0"
 description      "A convenient Chef LWRP to manage user accounts and SSH keys (this is not the opscode users cookbook)"
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          "0.3.1"
+version          "0.4.0"
 
 supports "ubuntu"
 supports "debian"
diff --git a/recipes/data_bag.rb b/recipes/data_bag.rb
index e944f26..714fcbc 100644
--- a/recipes/data_bag.rb
+++ b/recipes/data_bag.rb
@@ -18,6 +18,7 @@
 #
 
 bag = node['user']['data_bag_name']
+on_group_missing = node['user']['on_group_missing']
 
 # Fetch the user array from the node's attribute hash. If a subhash is
 # desired (ex. node['base']['user_accounts']), then set:
@@ -37,7 +38,7 @@
 
   user_account username do
     %w{comment uid gid home shell password system_user manage_home create_group
-        ssh_keys ssh_keygen non_unique}.each do |attr|
+        ssh_keys ssh_keygen non_unique }.each do |attr|
       send(attr, u[attr]) if u[attr]
     end
     action Array(u['action']).map { |a| a.to_sym } if u['action']
@@ -51,8 +52,20 @@
   end
 end
 
+# the behaviour if a group does not exist depends on the on_group_missing attribute
+# we control this by setting the action taken to operate on the groups
+case on_group_missing
+when 'fail'
+  g_action = :modify
+when 'ignore'
+  g_action = :manage
+when 'create'
+  g_action = :create
+end
+
 groups.each do |groupname, users|
   group groupname do
+    action g_action
     members users
     append true
   end
diff --git a/resources/account.rb b/resources/account.rb
index 8d7c653..7300544 100644
--- a/resources/account.rb
+++ b/resources/account.rb
@@ -21,19 +21,19 @@
 
 actions :create, :remove, :modify, :manage, :lock, :unlock
 
-attribute :username,      :kind_of => String, :name_attribute => true
-attribute :comment,       :kind_of => String
-attribute :uid,           :kind_of => [String,Integer]
-attribute :gid,           :kind_of => [String,Integer]
-attribute :home,          :kind_of => String
-attribute :shell,         :kind_of => String
-attribute :password,      :kind_of => String
-attribute :system_user,   :default => false
-attribute :manage_home,   :default => nil
-attribute :non_unique,    :default => nil
-attribute :create_group,  :default => nil
-attribute :ssh_keys,      :kind_of => [Array,String], :default => []
-attribute :ssh_keygen,    :default => nil
+attribute :username,         :kind_of => String, :name_attribute => true
+attribute :comment,          :kind_of => String
+attribute :uid,              :kind_of => [String,Integer]
+attribute :gid,              :kind_of => [String,Integer]
+attribute :home,             :kind_of => String
+attribute :shell,            :kind_of => String
+attribute :password,         :kind_of => String
+attribute :system_user,      :default => false
+attribute :manage_home,      :default => nil
+attribute :non_unique,       :default => nil
+attribute :create_group,     :default => nil
+attribute :ssh_keys,         :kind_of => [Array,String], :default => []
+attribute :ssh_keygen,       :default => nil
 
 def initialize(*args)
   super
diff --git a/test/unit/attributes/default_spec.rb b/test/unit/attributes/default_spec.rb
index 972ae75..f1abf91 100644
--- a/test/unit/attributes/default_spec.rb
+++ b/test/unit/attributes/default_spec.rb
@@ -101,5 +101,9 @@
     it "sets default data bag name" do
       @node[attr_ns]['data_bag_name'].must_equal "users"
     end
+
+    it "sets on group missing" do
+      ["create", "ignore", "fail"].must_include @node[attr_ns]['on_group_missing']
+    end
   end
 end