diff --git a/src/authentic2/management/commands/clean-unused-accounts.py b/src/authentic2/management/commands/clean-unused-accounts.py
index bed77723e..1544b5e4f 100644
--- a/src/authentic2/management/commands/clean-unused-accounts.py
+++ b/src/authentic2/management/commands/clean-unused-accounts.py
@@ -28,6 +28,7 @@ from django.db.models import F
 from django.utils import timezone, translation
 
 from authentic2 import app_settings
+from authentic2.backends import get_user_queryset
 from authentic2.backends.ldap_backend import LDAPBackend
 from authentic2.utils import send_templated_mail
 from django_rbac.utils import get_ou_model
@@ -66,7 +67,7 @@ class Command(BaseCommand):
         # exclude user from LDAP directories based on their source name (or realm)
         realms = [block['realm'] for block in LDAPBackend.get_config() if block.get('realm')]
         self.user_qs = (
-            User.objects.all().exclude(oidc_account__isnull=False).exclude(userexternalid__source__in=realms)
+            get_user_queryset().exclude(oidc_account__isnull=False).exclude(userexternalid__source__in=realms)
         )
 
         translation.activate(settings.LANGUAGE_CODE)
diff --git a/tests/test_commands.py b/tests/test_commands.py
index b77a00724..822471b19 100644
--- a/tests/test_commands.py
+++ b/tests/test_commands.py
@@ -126,6 +126,20 @@ def test_clean_unused_account_disabled_by_default(db, simple_user, mailoutbox):
     assert len(mailoutbox) == 0
 
 
+def test_clean_unused_account_a2_user_exclude(app, db, simple_user, mailoutbox, freezer, settings):
+    settings.A2_USER_EXCLUDE = {'username': simple_user.username}
+    freezer.move_to('2018-01-01')
+    simple_user.ou.clean_unused_accounts_alert = 2
+    simple_user.ou.clean_unused_accounts_deletion = 3
+    simple_user.ou.save()
+
+    simple_user.last_login = now() - datetime.timedelta(days=2)
+    simple_user.save()
+
+    call_command('clean-unused-accounts')
+    assert len(mailoutbox) == 0
+
+
 def test_clean_unused_account_always_alert(db, simple_user, mailoutbox, freezer):
     simple_user.ou.clean_unused_accounts_alert = 2
     simple_user.ou.clean_unused_accounts_deletion = 3  # one day between alert and actual deletion