diff --git a/addressbook/inc/class.addressbook_ads.inc.php b/addressbook/inc/class.addressbook_ads.inc.php index ac04f29623..c4bcde002b 100644 --- a/addressbook/inc/class.addressbook_ads.inc.php +++ b/addressbook/inc/class.addressbook_ads.inc.php @@ -103,6 +103,7 @@ class addressbook_ads extends addressbook_ldap 'account_id' => 'objectsid', 'account_lid' => 'samaccountname', 'contact_uid' => 'objectguid', + 'accountexpires', 'useraccountcontrol', // needed to exclude deactivated or expired accounts ); foreach($this->schema2egw as $schema => $attributes) @@ -182,6 +183,9 @@ class addressbook_ads extends addressbook_ldap // ignore system accounts if ($contact['account_id'] < accounts_ads::MIN_ACCOUNT_ID) return false; + // ignore deactivated or expired accounts + if (!$this->accounts_ads->user_active($data)) return false; + $this->_inetorgperson2egw($contact, $data); } diff --git a/phpgwapi/inc/class.accounts.inc.php b/phpgwapi/inc/class.accounts.inc.php index c45e44c6e1..bffe050a66 100644 --- a/phpgwapi/inc/class.accounts.inc.php +++ b/phpgwapi/inc/class.accounts.inc.php @@ -544,6 +544,8 @@ class accounts /** * test if an account is expired * + * Can be used static if array with user-data is supplied + * * @param array $data=null array with account data, not specifying the account is depricated!!! * @return boolean true=expired (no more login possible), false otherwise */ @@ -559,6 +561,8 @@ class accounts /** * Test if an account is active - NOT deactivated or expired * + * Can be used static if array with user-data is supplied + * * @param int|array $data account_id or array with account-data * @return boolean false if account does not exist, is expired or decativated, true otherwise */ @@ -566,7 +570,7 @@ class accounts { if (!is_array($data)) $data = $this->read($data); - return $data && !($this->is_expired($data) || $data['account_status'] != 'A'); + return $data && !(self::is_expired($data) || $data['account_status'] != 'A'); } /** 
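Review bot: The two new entries `'accountexpires', 'useraccountcontrol'` are added without keys to a map whose other entries are keyed by EGroupware field name, so they land under the integer keys 0 and 1. That presumably gets them requested from the directory, but any code that walks this map as field => attribute (not visible in the hunk) would also copy both raw values into the contact under numeric keys. Consider keeping filter-only attributes in a separate list, or extend the comment to `// no egw field: only requested so deactivated or expired accounts can be filtered out`. The array literal starts outside the hunk.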
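Review bot: The new `user_active($data)` filter only gives a meaningful answer if `$data` actually carries `useraccountcontrol` and `accountexpires`. When an entry was fetched with a narrower attribute list, the outcome depends on how `_ldap2user()` treats missing values, which is not visible here. Please confirm that missing attributes can neither make a disabled account look active nor hide every account, and record the requirement in the comment, e.g. `// ignore deactivated or expired accounts (needs useraccountcontrol and accountexpires in $data)`. `$this->accounts_ads` is also assumed to be initialised before this point; the enclosing method starts and ends outside the hunk.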
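Review bot: `is_active()` now calls `self::is_expired($data)` and both docblocks advertise static use, but the method signatures lie outside these hunks, so it is not visible that either method is declared `static`. If they are not, the static call `accounts::is_active($user)` that this commit adds in `accounts_ads::user_active()` is deprecated on PHP 7 and throws an Error on PHP 8. The `if (!is_array($data)) $data = $this->read($data);` branch still needs an instance either way, so the docblock should state that explicitly, e.g. `* Static calls must pass the account array; an account_id requires an instance`. This applies to the two docblock hunks for `is_expired()` and `is_active()` as well as the code hunk.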
diff --git a/phpgwapi/inc/class.accounts_ads.inc.php b/phpgwapi/inc/class.accounts_ads.inc.php index d9d711f196..2741cf3923 100644 --- a/phpgwapi/inc/class.accounts_ads.inc.php +++ b/phpgwapi/inc/class.accounts_ads.inc.php @@ -486,11 +486,30 @@ class accounts_ads 'account_modified' => !isset($data['whenchanged'][0]) ? null : self::_when2ts($data['whenchanged'][0]), ); + // expired accounts are NOT active + if ($user['account_expires'] !== -1 && $user['account_expires'] < time()) + { + $user['account_status'] = false; + } $user['person_id'] = $user['account_guid']; // id of contact //error_log(__METHOD__."(".array2string($data).") returning ".array2string($user)); return $user; } + /** + * Check if user is active + * + * @param array $data values for attributes 'useraccountcontrol' and 'accountexpires' + * @return boolean true if user is active, false otherwise + */ + public function user_active(array $data) + { + $user = $this->_ldap2user($data); + $active = accounts::is_active($user); + //error_log(__METHOD__."(cn={$data['cn'][0]}, useraccountcontrol={$data['useraccountcontrol'][0]}, accountexpires={$data['accountexpires'][0]}) user=".array2string($user)." returning ".array2string($active)); + return $active; + } + /** * Reads the data of one user * diff --git a/setup/check_install.php b/setup/check_install.php index 1a1b5d0a84..9998720817 100644 --- a/setup/check_install.php +++ b/setup/check_install.php @@ -400,7 +400,7 @@ function pear_check($package,$args) } if ($pear_available && $package) { - $file = str_replace('_','/',$package).'.php'; + $file = str_replace('_','/',$package == 'Mail_Mime' ? 'Mail_mime' : $package).'.php'; $available = @include_once($file); diff --git a/setup/inc/class.setup_cmd_ldap.inc.php b/setup/inc/class.setup_cmd_ldap.inc.php index f2a33361e6..4e6df3c317 100644 --- a/setup/inc/class.setup_cmd_ldap.inc.php +++ b/setup/inc/class.setup_cmd_ldap.inc.php 
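Review bot: The expiry test `$user['account_expires'] !== -1 && $user['account_expires'] < time()` accepts only the integer -1 as "never expires". How `account_expires` is derived from `accountExpires` is above the hunk, so it is not visible that 0, null or a string or float -1 cannot reach this line. Any of those would set `account_status` to false and, through the new `user_active()`, drop the entry from the address book. Consider normalising before comparing, e.g. `$expires = (int)$user['account_expires'];` followed by `if ($expires > 0 && $expires < time())`, if that matches the conversion used above. `user_active()` also runs the whole `_ldap2user()` conversion per entry to evaluate two attributes, which deserves a comment if that conversion is costly.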
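Review bot: The `Mail_Mime` exception is hard-coded inside the generic name-to-path mapping of `pear_check()` with no comment explaining why this one package needs different casing. A comment such as `// Mail_Mime is installed as Mail/mime.php, so the class name does not map 1:1 to the file` (if that is the reason) or a small package => file map would keep the next special case from becoming another nested ternary. Because `$file` goes straight into `@include_once`, `$package` has to remain a fixed, code-defined name. The function body starts outside the hunk, so where `$package` comes from is not visible here.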
@@ -30,7 +30,7 @@ * setup/setup-cli.php [--dry-run] --setup-cmd-ldap ,, sub_command=copy2ad \ * ldap_base=dc=local ldap_root_dn=cn=admin,dc=local ldap_root_pw=secret ldap_host=localhost \ * ads_domain=samba4.intern [ads_admin_user=Administrator] ads_admin_pw=secret ads_host=ad.samba4.intern [ads_connection=(ssl|tls)] \ - * attributes=@inetOrgPerson,{smtp:}proxyAddresses=mail,{smtp:}proxyAddresses=mailalias,{quota:}proxyAddresses=mailuserquota,{forward:}proxyaddresses=maildrop + * attributes=@inetOrgPerson,accountExpires=shadowExpire,{smtp:}proxyAddresses=mail,{smtp:}proxyAddresses=mailalias,{quota:}proxyAddresses=mailuserquota,{forward:}proxyaddresses=maildrop * * - copies from samba-tool clasicupgrade not copied inetOrgPerson attributes and mail attributes to AD */ @@ -333,6 +333,14 @@ class setup_cmd_ldap extends setup_cmd if ($value) { $to = isset($rename[$attr]) ? $rename[$attr] : $attr; + // special handling for copying shadowExpires to accountExpires (not set or 0 is handled by classicupgrade!) + if ($attr == 'shadowexpire' && strtolower($to) == 'accountexpires') + { + if (is_null($utc_diff)) $utc_diff = date('Z'); + $value = $value*24*3600+$utc_diff; // ldap time to unixTime + $update['accountexpires'] = accounts_ads::convertUnixTimeToWindowsTime($value); + continue; + } unset($prefix); if ($to[0] == '{') // eg. {smtp:}proxyAddresses=forwardTo {
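Review bot: The shadowExpire branch in the second hunk runs for every truthy `$value`, so a negative value such as -1 (often used to mean "no expiry") passes the surrounding `if ($value)` and reaches `convertUnixTimeToWindowsTime()` as a timestamp before 1970. That would most likely be written as an `accountexpires` already in the past, locking the migrated account. Adding `if ((int)$value <= 0) continue;` as the first statement of the branch would leave such accounts without an expiry. `date('Z')` is the UTC offset at the moment the script runs, not on the expiry date, and adding it moves the expiry later for zones east of UTC, so the intended sign should be confirmed and stated in the comment. `$utc_diff` is not initialised within the hunk, and the loop starts outside it.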