diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py
index 546fdd5c3a..1f9d13d3b7 100644
--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py
+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py
@@ -1507,6 +1507,7 @@ class object(univention.admin.handlers.simpleLdap):
 	def __init__(self, co, lo, position, dn='', superordinate=None, attributes=None):
 		self.groupsLoaded = True
 		self.password_length = 8
+		self.properties_touched_after_open = set()
 
 		univention.admin.handlers.simpleLdap.__init__(self, co, lo, position, dn, superordinate, attributes=attributes)
 
@@ -2054,8 +2068,8 @@ class object(univention.admin.handlers.simpleLdap):
 		return ml
 
 	def _modlist_password_expiry(self, ml, pwhistoryPolicy):
-		pwd_change_next_login = self.hasChanged('pwdChangeNextLogin') and self['pwdChangeNextLogin'] == '1'
-		unset_pwd_change_next_login = self.hasChanged('pwdChangeNextLogin') and self['pwdChangeNextLogin'] == '0'
+		pwd_change_next_login = 'pwdChangeNextLogin' in self.properties_touched_after_open and self['pwdChangeNextLogin'] == '1'
+		unset_pwd_change_next_login = 'pwdChangeNextLogin' in self.properties_touched_after_open and self['pwdChangeNextLogin'] == '0'
 
 		now = (long(time.time()) / 3600 / 24)
 		shadowLastChange = str(int(now))
@@ -2542,6 +2570,12 @@ class object(univention.admin.handlers.simpleLdap):
 	def _ldap_attributes(cls):
 		return ['*', 'pwdAccountLockedTime']
 
+	def __setitem__(self, key, value):
+		if self._open and key == 'pwdChangeNextLogin':
+			self.properties_touched_after_open.add(key)
+		# univention.admin.handlers.simpleLdap.__setitem__(self, key, value)
+		super(object, self).__setitem__(key, value)
+
 	@classmethod
 	def rewrite(cls, filter, mapping):
 		if filter.variable == 'username':