diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py
index ef32260..4a53c0d 100644
--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py
+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py
@@ -2198,6 +2198,10 @@ def _ldap_modlist(self):
 				if old_shadowExpire != shadowExpire:
 					ml.append(('shadowExpire', old_shadowExpire, shadowExpire))
 
+		if pwd_change_next_login == 0 and not self.exists() and self['pwdChangeNextLogin'] == '1':
+			# pwd_change_next_login is set to 0 above so that the code block below is not executed anymore
+			sambaPwdLastSetValue = '0'
+
 		if pwd_change_next_login == 1:	# ! self.modifypassword or no pwhistoryPolicy['expiryInterval']
 			if 'posix' in self.options or 'mail' in self.options:
 				pwhistoryPolicy = self.loadPolicyObject('policies/pwhistory')