diff --git a/services/univention-s4-connector/modules/univention/s4connector/s4/password.py b/services/univention-s4-connector/modules/univention/s4connector/s4/password.py index 0622a89d4d..d6ba331d58 100644 --- a/services/univention-s4-connector/modules/univention/s4connector/s4/password.py +++ b/services/univention-s4-connector/modules/univention/s4connector/s4/password.py @@ -45,6 +45,8 @@ from samba.dcerpc import drsblobs import heimdal from ldap.controls import LDAPControl import traceback +import univention.lib.account +from univention.admin.handlers.users.user import unmapWindowsFiletime class Krb5Context(object): def __init__(self): @@ -857,7 +859,7 @@ def lockout_sync_s4_to_ucs(s4connector, key, ucs_object): modlist = [] try: - ucs_object_attributes = s4connector.lo.get(ucs_object['dn'], ['sambaAcctFlags', 'sambaBadPasswordTime'], required=True) + ucs_object_attributes = s4connector.lo.get(ucs_object['dn'], ['sambaAcctFlags', 'sambaBadPasswordTime', 'pwdAccountLockedTime'], required=True) except ldap.NO_SUCH_OBJECT: ud.debug(ud.LDAP, ud.WARN, "%s: The UCS object (%s) was not found. The object was removed." % (function_name, ucs_object['dn'])) return 
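Review bot: `pwdAccountLockedTime` is added to the attribute list in `lockout_sync_s4_to_ucs`, but nothing in the lines shown reads it, and the lock branch in the following hunk now calls `univention.lib.account.lock()` on every sync where `lockoutTime != "0"`. The removed code wrote only when `"L"` was missing from `sambaAcctFlags` or the timestamps differed. Unless `lock()` is itself a no-op for an already locked account (not visible here), each replication of a locked user becomes a fresh LDAP write plus a PROCESS-level log line. Consider guarding the call with the values already fetched, e.g. `if "L" not in sambaAcctFlags or not ucs_object_attributes.get('pwdAccountLockedTime'):`. The function body starts before and continues past these hunks, so a later use of the attribute may exist outside the visible lines.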
@@ -866,18 +868,9 @@ def lockout_sync_s4_to_ucs(s4connector, key, ucs_object): lockoutTime = ucs_object['attributes'].get('lockoutTime', ['0'])[0] if lockoutTime != "0": - if "L" not in sambaAcctFlags: - acctFlags = univention.admin.samba.acctFlags(sambaAcctFlags) - new_sambaAcctFlags = acctFlags.set('L') - ud.debug(ud.LDAP, ud.PROCESS, "%s: Marking Samba account as locked in OpenLDAP" % (function_name,)) - modlist.append(('sambaAcctFlags', sambaAcctFlags, new_sambaAcctFlags)) - badPasswordTime = ucs_object['attributes'].get('badPasswordTime', ["0"])[0] - if badPasswordTime != sambaBadPasswordTime: - ud.debug(ud.LDAP, ud.PROCESS, "%s: Copying badPasswordTime from S4: %s" % (function_name, badPasswordTime)) - if sambaBadPasswordTime: - ud.debug(ud.LDAP, ud.INFO, "%s: Old sambaBadPasswordTime: %s" % (function_name, sambaBadPasswordTime)) - modlist.append(('sambaBadPasswordTime', sambaBadPasswordTime, badPasswordTime)) + ud.debug(ud.LDAP, ud.PROCESS, "%s: Marking Samba account as locked in OpenLDAP" % (function_name,)) + univention.lib.account.lock(ucs_object['dn'], unmapWindowsFiletime([badPasswordTime])) else: if "L" in sambaAcctFlags: acctFlags = univention.admin.samba.acctFlags(sambaAcctFlags)
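Review bot: The lock time passed to `univention.lib.account.lock()` is taken from `badPasswordTime`, which falls back to `"0"` when the attribute is absent, while the branch itself is entered on `lockoutTime`. In AD/Samba 4 `badPasswordTime` is not replicated between domain controllers whereas `lockoutTime` is, so on a DC that did not see the failed logons the account can be locked with a zero or stale `badPasswordTime`, and the OpenLDAP lock would then carry whatever `unmapWindowsFiletime(["0"])` yields. Since `lockoutTime` is already in hand and known to be non-zero, `univention.lib.account.lock(ucs_object['dn'], unmapWindowsFiletime([lockoutTime]))` looks like the safer source, assuming the second argument is the lock time. The call also runs outside the `modlist` this function builds, so a failure inside `lock()` is not covered by any handling visible in the hunk; the function continues past the last line shown.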