diff --git a/keycloak.yaml b/keycloak.yaml
index d084373..ee0968e 100644
--- a/keycloak.yaml
+++ b/keycloak.yaml
@@ -39,6 +39,7 @@ services:
         - ./data/keycloak/keycloak:/opt/keycloak/data
         - ./keycloak/client-create:/bin/client-create:ro
         - ./keycloak/create-user:/bin/create-user:ro
+        - ./keycloak/remind-user:/bin/remind-user:ro
         - ./keycloak/keycloak-login.sh:/bin/keycloak-login.sh:ro
         - ./keycloak/entrypoint-setup.sh:/setup.sh:ro
         - ./keycloak/mail-setup.sh:/keycloak-setup/mail-setup.sh:ro
diff --git a/keycloak/create-user b/keycloak/create-user
index aa4b5e0..84d6205 100755
--- a/keycloak/create-user
+++ b/keycloak/create-user
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 die() { echo >&2 "$@" ; exit 1 ; }
-PATH=$PATH:/opt/local/keycloak/bin
+PATH=$PATH:/opt/keycloak/bin
 
 USERNAME="$1"
 EMAIL="$2"
@@ -10,14 +10,23 @@ if [ -z "$USERNAME" ] || [ -z "$EMAIL" ]; then
 	die "usage: $0 username email"
 fi
 
-ID=$(kcadm.sh create users \
+kcadm.sh create users \
 	-r $REALM \
 	-s enabled=true \
 	-s "username=$USERNAME" \
 	-s "email=$EMAIL" \
-)
+|| die "$USERNAME: unable to create"
+
+ID="$(kcadm.sh get users \
+	-r "$REALM" \
+	--fields id \
+	-q username="$USERNAME" \
+	--format csv \
+	--noquotes \
+)"
+
 if [ -z "$ID" ]; then
-	die "$USERNAME: unable to create"
+	die "$USERNAME: unable to fetch UID"
 fi
 
 echo "$USERNAME: $ID"
@@ -28,5 +37,9 @@ kcadm.sh update \
 	-r $REALM \
 	-q client_id=hedgedoc \
 	-q redirect_uri="https://${HEDGEDOC_HOSTNAME}.${DOMAIN_NAME}/s/Getting_started" \
-	-f -
+	-f - \
+|| die "$USERNAME: unable to send email?"
+
+echo "$USERNAME: email sent!"
+
 
diff --git a/keycloak/remind-user b/keycloak/remind-user
new file mode 100755
index 0000000..8b3f593
--- /dev/null
+++ b/keycloak/remind-user
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+die() { echo >&2 "$@" ; exit 1 ; }
+PATH=$PATH:/opt/keycloak/bin
+
+USERNAME="$1"
+
+if [ -z "$USERNAME" ]; then
+	die "usage: $0 username email"
+fi
+
+ID="$(kcadm.sh get users \
+	-r "$REALM" \
+	--fields id \
+	-q username="$USERNAME" \
+	--format csv \
+	--noquotes \
+)"
+
+if [ -z "$ID" ]; then
+	die "$USERNAME: unable to fetch UID"
+fi
+
+echo "$USERNAME: $ID"
+
+echo -n '["UPDATE_PASSWORD"]' | \
+kcadm.sh update \
+	"users/$ID/execute-actions-email" \
+	-r $REALM \
+	-q client_id=hedgedoc \
+	-q redirect_uri="https://${HEDGEDOC_HOSTNAME}.${DOMAIN_NAME}/s/Getting_started" \
+	-f - \
+|| die "$USERNAME: unable to send email?"
+
+echo "$USERNAME: email sent!"
+