diff --git a/lam/HISTORY b/lam/HISTORY index e9a71a62..8188ee61 100644 --- a/lam/HISTORY +++ b/lam/HISTORY @@ -2,7 +2,7 @@ September 2016 - Windows: allow to show effective members of a group - LAM Pro: -> Group of names/members + roles: allow to show effective members of a group - -> Cron jobs: Move or delete expired accounts (Shadow, qmail, FreeRadius) + -> Cron jobs: Move or delete expired accounts (Shadow, Windows, qmail, FreeRadius) 21.06.2016 5.4 diff --git a/lam/docs/manual-sources/howto.xml b/lam/docs/manual-sources/howto.xml index 65d5c780..6cba09f0 100644 --- a/lam/docs/manual-sources/howto.xml +++ b/lam/docs/manual-sources/howto.xml @@ -2374,6 +2374,54 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost'; "2016-12-31". +
+ Windows: Delete or move expired accounts + + You can automatically delete or move expired accounts. + + + + + + + + + + + Options + + + + + Option + + Description + + + + Delay + + Number of days to wait after the account is + expired. + + + + Action + + Delete or move accounts + + + + Target DN + + Move only: specifies the DN where accounts are + moved + + + +
+
+
FreeRadius: Delete or move expired accounts diff --git a/lam/docs/manual-sources/images/jobs_windowsCleanup.png b/lam/docs/manual-sources/images/jobs_windowsCleanup.png new file mode 100644 index 00000000..42e4a4c3 Binary files /dev/null and b/lam/docs/manual-sources/images/jobs_windowsCleanup.png differ diff --git a/lam/lib/modules/windowsUser.inc b/lam/lib/modules/windowsUser.inc index e81d43b3..f91a5dd3 100644 --- a/lam/lib/modules/windowsUser.inc +++ b/lam/lib/modules/windowsUser.inc @@ -3147,7 +3147,8 @@ class windowsUser extends baseModule implements passwordService { */ public function getSupportedJobs(&$config) { return array( - new WindowsPasswordNotifyJob() + new WindowsPasswordNotifyJob(), + new WindowsAccountExpirationCleanupJob() ); } 
@@ -3309,6 +3310,79 @@ if (interface_exists('\LAM\JOB\Job', false)) { } + /** + * Job to delete or move users on account expiration. + * + * @package jobs + */ + class WindowsAccountExpirationCleanupJob extends \LAM\JOB\AccountExpirationCleanupJob { + + /** + * Returns the alias name of the job. + * + * @return String name + */ + public function getAlias() { + return _('Windows') . ': ' . _('Cleanup expired user accounts'); + } + + /** + * Returns the description of the job. + * + * @return String description + */ + public function getDescription() { + return _('This job deletes or moves user accounts when they expire.'); + } + + /** + * Searches for users in LDAP. + * + * @param String $jobID unique job identifier + * @param array $options config options (name => value) + * @return array list of user attributes + */ + protected function findUsers($jobID, $options) { + // read users + $attrs = array('accountExpires'); + $userResults = searchLDAPByFilter('(accountExpires=*)', $attrs, array('user')); + return $userResults; + } + + /** + * Checks if a user is expired. + * + * @param integer $jobID job ID + * @param array $options job settings + * @param PDO $pdo PDO + * @param DateTime $now current time + * @param array $policyOptions list of policy options by getPolicyOptions() + * @param array $user user attributes + * @param boolean $isDryRun just do a dry run, nothing is modified + */ + protected function checkSingleUser($jobID, $options, &$pdo, $now, $policyOptions, $user, $isDryRun) { + $seconds = substr($user['accountexpires'][0], 0, -7); + $expireTime = new DateTime('1601-01-01', new DateTimeZone('UTC')); + $expireTime->add(new DateInterval('PT' . $seconds . 'S')); + $expireTime->setTimezone(getTimeZone()); + logNewMessage(LOG_DEBUG, "Expiration on " . $expireTime->format('Y-m-d')); + $delay = 0; + if (!empty($options[$this->getConfigPrefix() . '_delay' . $jobID][0])) { + $delay = $options[$this->getConfigPrefix() . '_delay' . 
$jobID][0]; + } + $actionTime = clone $expireTime; + if ($delay != 0) { + $actionTime->add(new DateInterval('P' . $delay . 'D')); + } + $actionTime->setTimeZone(getTimeZone()); + logNewMessage(LOG_DEBUG, "Action time on " . $actionTime->format('Y-m-d')); + if ($actionTime <= $now) { + $this->performAction($jobID, $options, $user, $isDryRun); + } + } + + } + } ?>
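Review bot: `findUsers()` selects every user with `(accountExpires=*)`, which also matches the Active Directory "never expires" sentinels `0` and `9223372036854775807`, and `checkSingleUser()` has no explicit guard for them before a delete or move can be triggered. For `0`, `substr(..., 0, -7)` leaves no digits, so the interval spec becomes `PTS`, which `DateInterval` will most likely reject with an exception; whether that aborts the whole job run depends on the parent class, which is not visible in this hunk. The maximum value is skipped only because the computed date happens to lie far in the future. Because the action is destructive, exclude the sentinels explicitly: use the filter `(&(accountExpires=*)(!(accountExpires=0)))` and add `if (empty($seconds) || ($user['accountexpires'][0] == '9223372036854775807')) { return; }` right after the `substr` call. The new class sits inside the `if (interface_exists(...))` block, which opens outside the hunk.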