diff --git a/li.strolch.service/src/main/java/li/strolch/service/privilege/users/PrivilegeAddUserCommand.java b/li.strolch.service/src/main/java/li/strolch/service/privilege/users/PrivilegeAddUserCommand.java
new file mode 100644
index 000000000..494de50aa
--- /dev/null
+++ b/li.strolch.service/src/main/java/li/strolch/service/privilege/users/PrivilegeAddUserCommand.java
@@ -0,0 +1,72 @@
+package li.strolch.service.privilege.users;
+
+import li.strolch.agent.api.ComponentContainer;
+import li.strolch.model.audit.AccessType;
+import li.strolch.model.audit.Audit;
+import li.strolch.persistence.api.StrolchTransaction;
+import li.strolch.privilege.handler.PrivilegeHandler;
+import li.strolch.privilege.model.UserRep;
+import li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants;
+import li.strolch.service.api.Command;
+import li.strolch.utils.dbc.DBC;
+
+/**
+ * 
+ * @author Robert von Burg <eitch@eitchnet.ch>
+ */
+public class PrivilegeAddUserCommand extends Command {
+
+	// input
+	private UserRep userIn;
+
+	// intermediary
+	private Audit audit;
+
+	// output
+	private UserRep userOut;
+
+	public PrivilegeAddUserCommand(ComponentContainer container, StrolchTransaction tx) {
+		super(container, tx);
+	}
+
+	public void setUserIn(UserRep userIn) {
+		this.userIn = userIn;
+	}
+
+	public UserRep getUserOut() {
+		return this.userOut;
+	}
+
+	@Override
+	public void validate() {
+		DBC.PRE.assertNotNull("userIn may not be null!", this.userIn);
+	}
+
+	@Override
+	public void doCommand() {
+
+		PrivilegeHandler privilegeHandler = getContainer().getPrivilegeHandler().getPrivilegeHandler();
+
+		this.userOut = privilegeHandler.addUser(tx().getCertificate(), this.userIn, null);
+
+		tx().setSuppressAuditsForAudits(true);
+
+		this.audit = tx().auditFrom(AccessType.CREATE, StrolchPrivilegeConstants.PRIVILEGE,
+				StrolchPrivilegeConstants.USER, this.userOut.getUsername());
+		tx().getAuditTrail().add(tx(), this.audit);
+	}
+
+	@Override
+	public void undo() {
+
+		if (tx().isRollingBack()) {
+			PrivilegeHandler privilegeHandler = getContainer().getPrivilegeHandler().getPrivilegeHandler();
+
+			if (this.userOut != null)
+				privilegeHandler.removeUser(tx().getCertificate(), this.userIn.getUsername());
+
+			if (this.audit != null)
+				tx().getAuditTrail().remove(tx(), this.audit);
+		}
+	}
+}
diff --git a/li.strolch.service/src/main/java/li/strolch/service/privilege/users/PrivilegeAddUserService.java b/li.strolch.service/src/main/java/li/strolch/service/privilege/users/PrivilegeAddUserService.java
index 21cb3525c..e10c63958 100644
--- a/li.strolch.service/src/main/java/li/strolch/service/privilege/users/PrivilegeAddUserService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/privilege/users/PrivilegeAddUserService.java
@@ -15,11 +15,8 @@
  */
 package li.strolch.service.privilege.users;
 
-import li.strolch.model.audit.AccessType;
-import li.strolch.model.audit.Audit;
 import li.strolch.persistence.api.StrolchTransaction;
 import li.strolch.privilege.handler.PrivilegeHandler;
-import li.strolch.privilege.model.UserRep;
 import li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants;
 import li.strolch.service.api.AbstractService;
 import li.strolch.service.api.ServiceResultState;
@@ -39,19 +36,15 @@ public class PrivilegeAddUserService extends AbstractService<PrivilegeUserArgume
 	@Override
 	protected PrivilegeUserResult internalDoService(PrivilegeUserArgument arg) throws Exception {
 
-		li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
-		PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
-
-		UserRep user = privilegeHandler.addUser(getCertificate(), arg.user, null);
-
+		PrivilegeAddUserCommand cmd;
 		try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_ADD_USER)) {
-			tx.setSuppressAudits(true);
-			Audit audit = tx.auditFrom(AccessType.CREATE, StrolchPrivilegeConstants.PRIVILEGE,
-					StrolchPrivilegeConstants.USER, user.getUsername());
-			tx.getAuditTrail().add(tx, audit);
+			cmd = new PrivilegeAddUserCommand(getContainer(), tx);
+			cmd.setUserIn(arg.user);
+			tx.addCommand(cmd);
+			tx.commitOnClose();
 		}
 
-		return new PrivilegeUserResult(user);
+		return new PrivilegeUserResult(cmd.getUserOut());
 	}
 
 	@Override
diff --git a/li.strolch.service/src/test/java/li/strolch/command/privilege/users/PrivilegeAddUserCommandTest.java b/li.strolch.service/src/test/java/li/strolch/command/privilege/users/PrivilegeAddUserCommandTest.java
new file mode 100644
index 000000000..951fc4e10
--- /dev/null
+++ b/li.strolch.service/src/test/java/li/strolch/command/privilege/users/PrivilegeAddUserCommandTest.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package li.strolch.command.privilege.users;
+
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Locale;
+import java.util.Map;
+import java.util.Set;
+
+import li.strolch.agent.api.ComponentContainer;
+import li.strolch.command.AbstractRealmCommandTest;
+import li.strolch.persistence.api.StrolchTransaction;
+import li.strolch.privilege.model.UserRep;
+import li.strolch.privilege.model.UserState;
+import li.strolch.service.api.Command;
+import li.strolch.service.privilege.users.PrivilegeAddUserCommand;
+
+/**
+ * @author Robert von Burg <eitch@eitchnet.ch>
+ */
+public class PrivilegeAddUserCommandTest extends AbstractRealmCommandTest {
+
+	@Override
+	protected String getUsername() {
+		return "admin";
+	}
+
+	@Override
+	protected Command getCommandInstance(ComponentContainer container, StrolchTransaction tx) {
+
+		Set<String> roles = new HashSet<>();
+		roles.add("AppUser");
+		Map<String, String> propertyMap = new HashMap<>();
+
+		UserRep user = new UserRep(null, "dude", "Jeff", "Lebowski", UserState.ENABLED, roles, Locale.getDefault(),
+				propertyMap);
+
+		PrivilegeAddUserCommand command = new PrivilegeAddUserCommand(container, tx);
+		command.setUserIn(user);
+		return command;
+	}
+
+	@Override
+	protected void validateAfterCommand(ComponentContainer container, StrolchTransaction tx) {
+		assertNotNull(container.getPrivilegeHandler().getPrivilegeHandler().getUser(certificate, "dude"));
+	}
+
+	@Override
+	protected void validateAfterCommandFailed(ComponentContainer container, StrolchTransaction tx) {
+		assertNull(container.getPrivilegeHandler().getPrivilegeHandler().getUser(certificate, "dude"));
+	}
+}