diff --git a/roles/ipa/server/handlers/main.yml b/roles/ipa/server/handlers/main.yml
new file mode 100644
index 0000000000..43d6aa764f
--- /dev/null
+++ b/roles/ipa/server/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart ipa
+  command: ipactl restart
diff --git a/roles/ipa/server/tasks/main.yml b/roles/ipa/server/tasks/main.yml
index 0db20f6f27..773143c72b 100644
--- a/roles/ipa/server/tasks/main.yml
+++ b/roles/ipa/server/tasks/main.yml
@@ -159,6 +159,30 @@
   - ipa/server
   - config
 
+- name: Disable the compat tree
+  shell: echo "{{ipa_dm_password}}" | ipa-compat-manage disable
+  tags:
+  - ipa/server
+  - config
+  when: ipa_initial
+  register: output
+  changed_when: "'Plugin Disabled' in output.stdout"
+  failed_when: "'Plugin Disabled' not in output.stderr and output.rc != 0"
+  notify:
+  - restart ipa
+
+- name: Disable the nis tree
+  shell: echo "{{ipa_dm_password}}" | ipa-nis-manage disable
+  tags:
+  - ipa/server
+  - config
+  when: ipa_initial
+  register: output
+  changed_when: "'Plugin Disabled' in output.stdout"
+  failed_when: "'Plugin Disabled' not in output.stderr and output.rc != 0"
+  notify:
+  - restart ipa
+
 - name: Set the expiration date for the admin user
   ipauser:
     name: admin