diff --git a/plugins/module_utils/ansible_freeipa_module.py b/plugins/module_utils/ansible_freeipa_module.py
index 71ce4063..c31f30af 100644
--- a/plugins/module_utils/ansible_freeipa_module.py
+++ b/plugins/module_utils/ansible_freeipa_module.py
@@ -370,6 +370,14 @@ else:
 def module_params_get(module, name):
 return _afm_convert(module.params.get(name))
+ def api_get_domain():
+ return api.env.domain
+
+ def ensure_fqdn(name, domain):
+ if "." not in name:
+ return "%s.%s" % (name, domain)
+ return name
+
 def api_get_realm():
 return api.env.realm
diff --git a/plugins/modules/ipahbacrule.py b/plugins/modules/ipahbacrule.py
index 010f68a9..d81112f6 100644
--- a/plugins/modules/ipahbacrule.py
+++ b/plugins/modules/ipahbacrule.py
@@ -159,7 +159,8 @@ RETURN = """
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_freeipa_module import temp_kinit, \
 temp_kdestroy, valid_creds, api_connect, api_command, compare_args_ipa, \
- module_params_get, gen_add_del_lists, gen_add_list, gen_intersection_list
+ module_params_get, gen_add_del_lists, gen_add_list, \
+ gen_intersection_list, api_get_domain, ensure_fqdn
 def find_hbacrule(module, name):
@@ -325,6 +326,14 @@ def main():
 ipaadmin_password)
 api_connect()
+ # Get default domain
+ default_domain = api_get_domain()
+
+ # Ensure fqdn host names, use default domain for simple names
+ if host is not None:
+ _host = [ensure_fqdn(x, default_domain) for x in host]
+ host = _host
+
 commands = []
 for name in names:
diff --git a/tests/hbacrule/test_hbacrule.yml b/tests/hbacrule/test_hbacrule.yml
index 6e1d4aef..e93a74dc 100644
--- a/tests/hbacrule/test_hbacrule.yml
+++ b/tests/hbacrule/test_hbacrule.yml
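Review bot: `ensure_fqdn` has no docstring and validates neither argument, so an empty `name` comes back as `.<domain>`, and a `domain` that is empty or `None` (if `api.env.domain` can ever be unset) yields a name ending in `.` or `.None`. In a module that manages host-based access rules, a silently mangled name changes which host a rule refers to, so I would guard the short-name branch with `if not name or not domain:` and let the caller fail the task rather than pass the result on. A docstring such as `"""Return name unchanged if it contains a dot, otherwise name qualified with domain."""` would also make explicit that any dotted string counts as fully qualified and that short names are always resolved against the IPA default domain, which matters for hosts that live in a different DNS domain. `api_get_domain` would benefit from a one-line docstring too. Both helpers sit in an `else:` branch that begins outside the hunk.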
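Review bot: The `_host` temporary in `main()` is unnecessary; `host = [ensure_fqdn(x, default_domain) for x in host]` does the same in one line. The comment above it says what is done but not why; something like `# Qualify short names so they compare equal to the FQDN members already on the rule` would record the intent that the added test titles suggest but the hunk does not state. Only names without a dot are rewritten, so whether differently-cased input still matches existing members depends on comparison code outside this hunk and is worth checking. `main()` starts and ends outside the hunk.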
@@ -580,6 +580,28 @@
 register: result
 failed_when: result.changed or result.failed
+ # ENSURE SIMPLE HOSTNAMES MATCH
+
+ - name: Ensure HBAC rule hbacrule01 simple host members are usable
+ ipahbacrule:
+ ipaadmin_password: SomeADMINpassword
+ name: hbacrule01
+ host:
+ - "testhost01"
+ - "testhost03"
+ register: result
+ failed_when: not result.changed or result.failed
+
+ - name: Ensure HBAC rule hbacrule01 simple host members are usable again (and match)
+ ipahbacrule:
+ ipaadmin_password: SomeADMINpassword
+ name: hbacrule01
+ host:
+ - "testhost01"
+ - "testhost03"
+ register: result
+ failed_when: result.changed or result.failed
+
 # CLEANUP TEST ITEMS
 - name: Ensure test HBAC rule hbacrule01 is absent
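Review bot: Both added tasks assert only on `result.changed`, so they would still pass if a short name were qualified with an unintended domain. A follow-up task that passes the fully qualified form of the same host and expects no change would pin the short name to the intended host; the domain to use is not visible in this hunk, so it is shown as a placeholder: `- "testhost01.<test domain>"`. Whether earlier tasks in the file already cover names that contain a dot cannot be seen from here.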