diff --git a/user/scripts/update-virtual.rb b/user/scripts/update-virtual.rb
index 0adcdac..bbed103 100755
--- a/user/scripts/update-virtual.rb
+++ b/user/scripts/update-virtual.rb
@@ -61,7 +61,7 @@ class user::virtual {
         }
 
         exec { "user-mod-${name}":
-            command     => "usermod -L ldap ${name}; groups ${name} | fgrep -q sysadm && usermod -G wheel ${name} || true",
+            command     => "usermod -L ldap ${name}",
             path        => "/sbin:/usr/sbin:/bin:/usr/bin",
             refreshonly => true,
         }
@@ -110,11 +110,18 @@ conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, 'objectClass=posixAccount',
         print "        shell         => '%s',\n" % "/bin/bash"
     end
     if groups.length > 0
-	print "        groups        => [ "
+	print "        groups        => $operatingsystem ? {\n"
+	print "            openbsd => [ "
 	groups.each do |group|
 	    print "'" + group + "', "
 	end
+	print "'wheel', " if groups.include?('sysadm')
 	print "],\n"
+	print "            default => [ "
+	groups.each do |group|
+	    print "'" + group + "', "
+	end
+	print "],\n        },\n"
     end
     print "        requiregroups => [ Group['" + prigroup + "'],"
     groups.each do |group|