diff --git management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py
index 41786dc048..847b06b5be 100644
--- management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py
+++ management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py
@@ -1978,7 +1974,7 @@ class object(univention.admin.handlers.simpleLdap):
 
 	# If you change anything here, please also check users/ldap.py
 	def _modlist_posix_password(self, ml):
-		if not self.exists() or self.hasChanged(['disabled', 'password']):
+		if not self.exists() or self.hasChanged(['disabled', 'password', 'locked']):
 			old_password = self.oldattr.get('userPassword', [''])[0]
 			password = self['password']
 
@@ -1991,7 +1987,7 @@ class object(univention.admin.handlers.simpleLdap):
 				password = old_password
 
 			password_hash = univention.admin.password.lock_password(password)
-			if self['disabled'] != '1':
+			if self['disabled'] != '1' and self['locked'] != '1':
 				password_hash = univention.admin.password.unlock_password(password_hash)
 			ml.append(('userPassword', old_password, password_hash))
 		return ml