diff --git a/docs/admins/import/Import_Users.md b/docs/admins/import/Import_Users.md
index 94c5e5a297c..dc18da51aef 100644
--- a/docs/admins/import/Import_Users.md
+++ b/docs/admins/import/Import_Users.md
@@ -1,7 +1,7 @@
-tine Admin docs: Admin
+tine Admin docs: Admin User Import
 =================
 
-Version: Pino 2022.11
+Version: Pelle 2024.11
 
 HowTo: set passwords for users
 =================
@@ -39,3 +39,16 @@ Anastasia,Baleva,anastasija.baleva@wow.de,abelava
 ~~~
 method=Admin.importUser [-d] [-v] userlist.csv -- definition=admin_user_import_csv [password=PWFORALLNEWUSERS]
 ~~~
+
+HowTo: import list of users with email data and autogenerated password
+=================
+
+userlist.csv:
+~~~
+lastname,email,emailForwards,emailForwardOnly
+administrator,administrator@my.domain,admin@my.forward1 admin@my.forward2,1
+~~~
+
+~~~
+method=Admin.importUser [-d] [-v] userlist.csv -- definition=admin_user_import_csv_for_emailuser.xml
+~~~
diff --git a/tine20/Admin/Import/definitions/admin_user_import_csv_for_emailuser.xml b/tine20/Admin/Import/definitions/admin_user_import_csv_for_emailuser.xml
index 31fa41039ae..fa5d2a311f7 100644
--- a/tine20/Admin/Import/definitions/admin_user_import_csv_for_emailuser.xml
+++ b/tine20/Admin/Import/definitions/admin_user_import_csv_for_emailuser.xml
@@ -6,6 +6,7 @@
     <headline>1</headline>
     <dryrun>0</dryrun>
     <extension>csv</extension>
+    <passwordGenerator>\Tinebase_User_PasswordPolicy::generatePolicyConformPassword</passwordGenerator>
     <mapping>
         <field>
             <source>firstname</source>
@@ -35,5 +36,9 @@
             <source>emailForwards</source>
             <destination>emailForwards</destination>
         </field>
+        <field>
+            <source>emailForwardOnly</source>
+            <destination>emailForwardOnly</destination>
+        </field>
     </mapping>
 </config>
\ No newline at end of file
diff --git a/tine20/Tinebase/Model/FullUser.php b/tine20/Tinebase/Model/FullUser.php
index cac85c4eff4..67da8108328 100644
--- a/tine20/Tinebase/Model/FullUser.php
+++ b/tine20/Tinebase/Model/FullUser.php
@@ -333,7 +333,15 @@ public function applyOptionsAndGeneratePassword($options, $password = NULL)
         } elseif (! empty($options['password'])) {
             $userPassword = $options['password'];
         } elseif (! empty($options['passwordGenerator']) && is_callable($options['passwordGenerator'])) {
-            $userPassword = $options['passwordGenerator']($this);
+            if (is_string($options['passwordGenerator']) && str_contains($options['passwordGenerator'],
+                    'Tinebase_User_PasswordPolicy::generatePolicyConformPassword')
+            ) {
+                // TODO maybe the default should be a function call without param? how can we detect this?
+                $userPassword = $options['passwordGenerator']();
+            } else {
+                // passwordGenerator function expects user as its param
+                $userPassword = $options['passwordGenerator']($this);
+            }
         }
         
         $this->_addEmailUser($userPassword);
diff --git a/tine20/Tinebase/User.php b/tine20/Tinebase/User.php
index 16673d3524c..c03736b16dd 100644
--- a/tine20/Tinebase/User.php
+++ b/tine20/Tinebase/User.php
@@ -1414,7 +1414,7 @@ static public function createSystemUser(string $accountLoginName, Tinebase_Model
      * @param int $upperCase
      * @return string
      *
-     * TODO should have a param "usePWPolicy"
+     * @deprecated replace with Tinebase_User_PasswordPolicy::generatePolicyConformPassword
      */
     public static function generateRandomPassword($length = 12, $numSpecialChar = 1, $upperCase = 1)
     {