diff --git a/src/methods/account_new.rs b/src/methods/account_new.rs
index 23f1990..bf991df 100644
--- a/src/methods/account_new.rs
+++ b/src/methods/account_new.rs
@@ -59,7 +59,7 @@ pub mod email {
 Ok(json!({"result": "success"}).into())
 }
- async fn get_wolves_mail(db: &Pool, mail: &str) -> Vec {
+ pub async fn get_wolves_mail(db: &Pool, mail: &str) -> Vec {
 sqlx::query_as::<_, AccountWolves>(
 r#"
 SELECT *
@@ -410,7 +410,7 @@ pub mod account {
 ldap.extended(tmp).unwrap();
 // user is already verified by being an active member on wolves
- if let Err(e) = update_group(config, "skynet-users", &vec![username.to_string()], true).await {
+ if let Err(e) = update_group(config, "skynet-users", &vec![username.to_string()], false).await {
 println!("Couldnt add {} to skynet-users: {:?}", username, e)
 }
diff --git a/src/methods/account_update.rs b/src/methods/account_update.rs
index 7d0a90b..0bb85dc 100644
--- a/src/methods/account_update.rs
+++ b/src/methods/account_update.rs
@@ -1,5 +1,6 @@
-use crate::State;
+use crate::{methods::account_new::email::get_wolves_mail, update_group, Config, State};
 use ldap3::{exop::PasswordModify, LdapConn, Mod, Scope, SearchEntry};
+use sqlx::{Pool, Sqlite};
 use std::collections::{HashMap, HashSet};
 use tide::{
 prelude::{json, Deserialize, Serialize},
@@ -39,6 +40,7 @@ pub async fn submit(mut req: Request) -> tide::Result {
 }
 let config = &req.state().config;
+ let db = &req.state().db;
 // easier to give each request its own connection
 let mut ldap = LdapConn::new(&config.ldap_host)?;
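Review bot: `get_wolves_mail` in `mod email` of `account_new.rs` is widened to plain `pub`, although the only new caller visible in this commit is `account_update.rs`, which reaches it through a `crate::` path. `pub(crate) async fn get_wolves_mail` would give that caller access without adding the lookup to the crate's public surface, assuming no external binary needs it. The function body continues past the end of the hunk, so what the query filters on is not visible here.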
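Review bot: The last argument of `update_group` in `mod account` flips from `true` to `false` with nothing on the line saying what the flag controls, so a reader cannot tell how the `skynet-users` membership change now behaves. The same bare literal is repeated in the new `activate_group` in `account_update.rs`, so a short comment above each call stating what `false` selects would help, and an enum in place of the boolean would remove the ambiguity altogether. The enclosing function starts and ends outside the hunk.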
@@ -48,18 +50,30 @@ pub async fn submit(mut req: Request) -> tide::Result {
 // always assume insecure
 let mut pw_keep_same = false;
+ let mut is_skynet_user = false;
 // get the users current password hash
- let (rs, _res) = ldap.search(&dn, Scope::Base, "(objectClass=*)", vec!["userPassword"])?.success()?;
+ let (rs, _res) = ldap.search(&dn, Scope::Base, "(objectClass=*)", vec!["userPassword", "memberOf"])?.success()?;
 if !rs.is_empty() {
 let tmp = SearchEntry::construct(rs[0].clone());
- if !tmp.attrs["userPassword"].is_empty() && tmp.attrs["userPassword"][0].starts_with("{SSHA512}") {
+ if tmp.attrs.contains_key("userPassword") && !tmp.attrs["userPassword"].is_empty() && tmp.attrs["userPassword"][0].starts_with("{SSHA512}") {
 pw_keep_same = true;
 }
+ if tmp.attrs.contains_key("memberOf") {
+ for group in tmp.attrs["memberOf"].clone() {
+ if group.contains("skynet-users") {
+ is_skynet_user = true;
+ }
+ }
+ }
 }
 // check if the password field itself is being updated
 let pass_new = if &field != "userPassword" {
+ if !is_skynet_user && &field == "mail" {
+ activate_group(db, config, &user, &value).await;
+ }
+
 // if password is not being updated then just update the required field
 let mods = vec![
 // the value we are updating
@@ -128,3 +142,13 @@ fn get_result_values(attrs: &HashMap>, field: &str) -> Optio
 }
 None
 }
+
+async fn activate_group(db: &Pool, config: &Config, user: &str, mail: &str) {
+ // check if user has this mail in teh wolves db
+ if !get_wolves_mail(db, mail).await.is_empty() {
+ // if so then activate
+ if let Err(e) = update_group(config, "skynet-users", &vec![user.to_string()], false).await {
+ println!("Couldnt add {} to skynet-users: {:?}", user, e)
+ }
+ }
+}
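Review bot: In `submit`, the new `activate_group(db, config, &user, &value).await` call grants `skynet-users` on the strength of the submitted `mail` value alone: the only test, in `activate_group` (last hunk of this file), is that some wolves record carries that address. Nothing visible here shows that the account controls that mailbox, so unless ownership is verified outside this hunk, an account could be activated against an address that belongs to a different member. The call also sits ahead of the `mods` update that follows in the same branch (the rest of the branch is outside the hunk), so a failed LDAP update would still leave the group grant in place. Moving the block to after the update succeeds, and gating it on a verified address, would close both gaps. Separately, `group.contains("skynet-users")` is a substring test on the `memberOf` value and also matches any group whose name merely contains that text.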
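Review bot: `activate_group` returns `()` and reports a failed `update_group` only through `println!`, so `submit` cannot tell whether the grant happened, and a successful grant leaves no record at all. Returning the `Result` to the caller, or at least logging both outcomes together with the user and mail, would make changes to `skynet-users` auditable. The function also has no doc comment; `/// Adds the user to skynet-users when the given mail is present in the wolves db.` would do, and the inline comment has a typo (`teh`).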