diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensUtil.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensUtil.java
index 0c15d2f70c5..46b760352bb 100644
--- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensUtil.java
+++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensUtil.java
@@ -1149,6 +1149,16 @@ private static <F extends ObjectType> void checkObjectPolicy(LensFocusContext<F>
 					} else {
 						PropertyDelta<Object> nameDelta = focusDelta.findPropertyDelta(itemPath);
 						if (nameDelta != null) {
+							if (nameDelta.isReplace()) {
+								Collection<PrismPropertyValue<Object>> valuesToReplace = nameDelta.getValuesToReplace();
+								if (valuesToReplace.size() == 1) {
+									String stringValue = valuesToReplace.iterator().next().getValue().toString();
+									if (focusContext.getOid().equals(stringValue)) {
+										// This is OK. It is most likely a correction made by a recompute.
+										continue;
+									}
+								}
+							}
 							throw new PolicyViolationException("Cannot change "+itemPath+" in oid bound mode");
 						}
 					}
diff --git a/model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java b/model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java
index 1f96acc6b7b..af453e0e891 100644
--- a/model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java
+++ b/model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java
@@ -1484,27 +1484,36 @@ protected void setDefaultObjectTemplate(QName objectType, String userTemplateOid
 		PrismObject<SystemConfigurationType> systemConfig = repositoryService.getObject(SystemConfigurationType.class,
 				SystemObjectsType.SYSTEM_CONFIGURATION.value(), null, parentResult);
 		
-		PrismContainerValue<ObjectPolicyConfigurationType> deleteValue = null;
+		PrismContainerValue<ObjectPolicyConfigurationType> oldValue = null;
 		for (ObjectPolicyConfigurationType focusPolicyType: systemConfig.asObjectable().getDefaultObjectPolicyConfiguration()) {
 			if (objectType.equals(focusPolicyType.getType())) {
-				deleteValue = focusPolicyType.asPrismContainerValue();
+				oldValue = focusPolicyType.asPrismContainerValue();
 			}
 		}
 		Collection<? extends ItemDelta> modifications = new ArrayList<ItemDelta>();
 		
-		if (deleteValue != null) {
+		if (oldValue != null) {
 			ContainerDelta<ObjectPolicyConfigurationType> deleteDelta = ContainerDelta.createModificationDelete(SystemConfigurationType.F_DEFAULT_OBJECT_POLICY_CONFIGURATION, 
-					SystemConfigurationType.class, prismContext, deleteValue);
+					SystemConfigurationType.class, prismContext, oldValue.clone());
 			((Collection)modifications).add(deleteDelta);
 		}
 		
-		ObjectPolicyConfigurationType newFocusPolicyType = new ObjectPolicyConfigurationType();
-		newFocusPolicyType.setType(objectType);
+		ObjectPolicyConfigurationType newFocusPolicyType;
+		ContainerDelta<ObjectPolicyConfigurationType> addDelta;
+		if (oldValue == null) {
+			newFocusPolicyType = new ObjectPolicyConfigurationType();
+			newFocusPolicyType.setType(objectType);
+			addDelta = ContainerDelta.createModificationAdd(SystemConfigurationType.F_DEFAULT_OBJECT_POLICY_CONFIGURATION, 
+					SystemConfigurationType.class, prismContext, newFocusPolicyType);
+		} else {
+			PrismContainerValue<ObjectPolicyConfigurationType> newValue = oldValue.clone();
+			addDelta = ContainerDelta.createModificationAdd(SystemConfigurationType.F_DEFAULT_OBJECT_POLICY_CONFIGURATION, 
+					SystemConfigurationType.class, prismContext, newValue);
+			newFocusPolicyType = newValue.asContainerable();
+		}
 		ObjectReferenceType templateRef = new ObjectReferenceType();
 		templateRef.setOid(userTemplateOid);
 		newFocusPolicyType.setObjectTemplateRef(templateRef);
-		ContainerDelta<ObjectPolicyConfigurationType> addDelta = ContainerDelta.createModificationAdd(SystemConfigurationType.F_DEFAULT_OBJECT_POLICY_CONFIGURATION, 
-				SystemConfigurationType.class, prismContext, newFocusPolicyType);
 		((Collection)modifications).add(addDelta);
 		
 		repositoryService.modifyObject(SystemConfigurationType.class,
diff --git a/testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestVillage.java b/testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestVillage.java
index 98df89347ba..5c57e9e8372 100644
--- a/testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestVillage.java
+++ b/testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestVillage.java
@@ -133,6 +133,8 @@ public class TestVillage extends AbstractStoryTest {
 	
 	public static final File TEST_DIR = new File(MidPointTestConstants.TEST_RESOURCES_DIR, "village");
 	
+	public static final File SYSTEM_CONFIGURATION_FILE = new File(TEST_DIR, "system-configuration.xml");
+	
 	public static final File OBJECT_TEMPLATE_USER_FILE = new File(TEST_DIR, "object-template-user.xml");
 	public static final String OBJECT_TEMPLATE_USER_OID = "10000000-0000-0000-0000-000000000222";
 		
@@ -183,10 +185,12 @@ public class TestVillage extends AbstractStoryTest {
 	protected static final File TASK_LIVE_SYNC_DUMMY_SOURCE_FILE = new File(TEST_DIR, "task-dumy-source-livesync.xml");
 	protected static final String TASK_LIVE_SYNC_DUMMY_SOURCE_OID = "10000000-0000-0000-5555-555500000001";
 	
-	private static final String USER_MIKE_FILENAME = COMMON_DIR_NAME + "/user-mike.xml";
-	private static final File USER_MIKE_FILE = new File(USER_MIKE_FILENAME);
+	private static final File USER_MIKE_FILE = new File(COMMON_DIR, "user-mike.xml");
 	private static final String USER_MIKE_OID = "c0c010c0-d34d-b33f-f00d-222333111111";
-	
+
+	private static final File USER_MURRAY_FILE = new File(TEST_DIR, "user-murray.xml");
+	private static final String USER_MURRAY_OID = "c0c010c0-d34d-b33f-f00d-1111111111aa";
+
 	private static final String ACCOUNT_HERMAN_USERNAME = "ht";
 	private static final String ACCOUNT_HERMAN_FIST_NAME = "Herman";
 	private static final String ACCOUNT_HERMAN_LAST_NAME = "Toothrot";
@@ -311,6 +315,11 @@ public void initSystem(Task initTask, OperationResult initResult) throws Excepti
 		
 	}
 	
+	@Override
+	protected File getSystemConfigurationFile() {
+		return SYSTEM_CONFIGURATION_FILE;
+	}
+	
 	@Test
     public void test000Sanity() throws Exception {
 		final String TEST_NAME = "test000Sanity";
@@ -706,6 +715,32 @@ public void test300AddProjectJollyRoger() throws Exception {
       //TODO: assertions
 	}
 	
+	/**
+	 * User is added to repo directly, so he does not have OID in employee number.
+	 * Recompute should fix that. This is a migration scenario.
+	 */
+	@Test
+    public void test350AddRepoUserNoEmployeeNumberRecompute() throws Exception {
+		final String TEST_NAME = "test350AddRepoUserNoEmployeeNumberRecompute";
+        TestUtil.displayTestTile(this, TEST_NAME);
+        Task task = taskManager.createTaskInstance(TestTrafo.class.getName() + "." + TEST_NAME);
+        OperationResult result = task.getResult();
+
+        PrismObject<UserType> user = PrismTestUtil.parseObject(USER_MURRAY_FILE);
+        repositoryService.addObject(user, null, result);
+ 
+        // WHEN
+        TestUtil.displayWhen(TEST_NAME);
+        recomputeUser(USER_MURRAY_OID, task, result);
+        
+        // THEN
+        TestUtil.displayThen(TEST_NAME);
+        result.computeStatus();
+        TestUtil.assertSuccess(result);
+        
+        user = getUser(USER_MURRAY_OID);
+        assertEmployeeNumber(user);        
+	}
 	
 	private void assertLocGov(PrismObject<UserType> user, String expLoc, String expOrg) throws SchemaException, ObjectNotFoundException, SecurityViolationException, CommunicationException, ConfigurationException {
 		UserType userType = user.asObjectable();
@@ -741,6 +776,7 @@ private void assertUserNoRole(PrismObject<UserType> user, String firstName, Stri
         display("User", user);
    		assertUser(user, user.getOid(), username, firstName+" "+lastName,
    				firstName, lastName);
+   		assertEmployeeNumber(user);
    		assertLinks(user, 1);
         assertAccount(user, RESOURCE_DUMMY_SOURCE_OID);
         assertAssignments(user, RoleType.class, 0);
@@ -758,6 +794,7 @@ private void assertUserLdap(PrismObject<UserType> user, String firstName, String
         display("User", user);
    		assertUser(user, user.getOid(), username, firstName+" "+lastName,
    				firstName, lastName);
+   		assertEmployeeNumber(user);
         assertLinks(user, 2);
         assertAccount(user, RESOURCE_DUMMY_SOURCE_OID);
         
@@ -771,6 +808,11 @@ private void assertUserLdap(PrismObject<UserType> user, String firstName, String
 		IntegrationTestTools.assertIcfsNameAttribute(shadow, "uid="+username+",ou=people,dc=example,dc=com");
 	}
 	
+	private void assertEmployeeNumber(PrismObject<UserType> user) {
+		String employeeNumber = user.asObjectable().getEmployeeNumber();
+		assertEquals("Wrong employeeNumber in "+user, user.getOid(), employeeNumber);
+	}
+
 	private String getUsername(String firstName, String lastName, String orgName) throws SchemaException, ObjectNotFoundException, SecurityViolationException, CommunicationException, ConfigurationException {
 		String username = firstName+"."+lastName;
 		if (orgName != null) {
diff --git a/testing/story/src/test/resources/village/system-configuration.xml b/testing/story/src/test/resources/village/system-configuration.xml
new file mode 100644
index 00000000000..80c497f57a4
--- /dev/null
+++ b/testing/story/src/test/resources/village/system-configuration.xml
@@ -0,0 +1,153 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+  ~ Copyright (c) 2010-2014 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<systemConfiguration oid="00000000-0000-0000-0000-000000000001" version="0"
+	xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+	xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
+    <name>SystemConfiguration</name>
+    <logging>
+    	<rootLoggerAppender>File Appender</rootLoggerAppender>
+    	<rootLoggerLevel>INFO</rootLoggerLevel>
+        <classLogger>
+	        <level>TRACE</level>
+	        <package>com.evolveum.midpoint.common.LoggingConfigurationManager</package>
+      	</classLogger>
+        <c:classLogger>
+            <c:level>TRACE</c:level>
+            <c:package>com.evolveum.midpoint.notifications</c:package>
+        </c:classLogger>
+        <appender xsi:type="c:FileAppenderConfigurationType" name="File Appender" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+            <pattern>%date [%thread] %-5level \(%logger{46}\): %message%n</pattern>
+            <fileName>target/test.log</fileName>
+            <append>true</append>
+        </appender>
+    </logging>
+    <defaultObjectPolicyConfiguration>
+    	<type>UserType</type>
+    	<propertyConstraint>
+    		<path>employeeNumber</path>
+    		<oidBound>true</oidBound>
+    	</propertyConstraint>
+    </defaultObjectPolicyConfiguration>
+    <notificationConfiguration>
+        <!--<dummyNotifier name="newAccounts">-->
+            <!--<categoryFilter><category>resourceObjectEvent</category></categoryFilter>-->
+            <!--<operationFilter><operation>add</operation></operationFilter>-->
+            <!--<statusFilter><status>success</status></statusFilter>-->
+        <!--</dummyNotifier>-->
+        <!--<dummyNotifier name="newAccountsViaExpression">-->
+            <!--<expressionFilter>-->
+                <!--<expression>-->
+                    <!--<script>-->
+                        <!--<code>event.isAccountRelated() &amp;&amp; event.isAdd() &amp;&amp; event.isSuccess()</code>-->
+                    <!--</script>-->
+                <!--</expression>-->
+            <!--</expressionFilter>-->
+        <!--</dummyNotifier>-->
+        <handler>
+	        <accountPasswordNotifier>
+	            <recipientExpression>
+	                <value>recipient@evolveum.com</value>
+	            </recipientExpression>
+	            <transport>dummy:accountPasswordNotifier</transport>
+	        </accountPasswordNotifier>
+        </handler>
+        <handler>
+	        <userPasswordNotifier>
+	            <recipientExpression>
+	                <value>recipient@evolveum.com</value>
+	            </recipientExpression>
+	            <transport>dummy:userPasswordNotifier</transport>
+	        </userPasswordNotifier>
+        </handler>
+        <handler>
+        	<status>success</status>
+	        <simpleResourceObjectNotifier>
+	            <recipientExpression>
+	                <value>recipient@evolveum.com</value>
+	            </recipientExpression>
+	            <transport>dummy:simpleAccountNotifier-SUCCESS</transport>
+	        </simpleResourceObjectNotifier>
+        </handler>
+        <handler>
+	        <status>failure</status>
+	        <simpleResourceObjectNotifier>
+	            <recipientExpression>
+	                <value>recipient@evolveum.com</value>
+	            </recipientExpression>
+	            <transport>dummy:simpleAccountNotifier-FAILURE</transport>
+	        </simpleResourceObjectNotifier>
+        </handler>
+        <handler>
+	        <operation>add</operation>
+	        <status>success</status>
+	        <simpleResourceObjectNotifier>
+	            <recipientExpression>
+	                <value>recipient@evolveum.com</value>
+	            </recipientExpression>
+	            <transport>dummy:simpleAccountNotifier-ADD-SUCCESS</transport>
+	        </simpleResourceObjectNotifier>
+        </handler>
+        <handler>
+	        <operation>delete</operation>
+	        <status>success</status>
+	        <simpleResourceObjectNotifier>
+	            <recipientExpression>
+	                <value>recipient@evolveum.com</value>
+	            </recipientExpression>
+	            <transport>dummy:simpleAccountNotifier-DELETE-SUCCESS</transport>
+	        </simpleResourceObjectNotifier>
+        </handler>
+        <handler>
+	        <simpleUserNotifier>
+	            <recipientExpression>
+	                <value>recipient@evolveum.com</value>
+	            </recipientExpression>
+	            <transport>dummy:simpleUserNotifier</transport>
+	        </simpleUserNotifier>
+        </handler>
+        <handler>
+	        <chained>
+	            <operation>add</operation>
+	        </chained>
+	        <chained>
+	            <simpleUserNotifier>
+	                <recipientExpression>
+	                    <value>recipient@evolveum.com</value>
+	                </recipientExpression>
+	                <transport>dummy:simpleUserNotifier-ADD</transport>
+	            </simpleUserNotifier>
+	        </chained>
+	    </handler>
+	    <handler>
+            <chained>
+                <operation>delete</operation>
+            </chained>
+            <chained>
+                <simpleUserNotifier>
+                    <recipientExpression>
+                        <value>recipient@evolveum.com</value>
+                    </recipientExpression>
+                    <transport>dummy:simpleUserNotifier-DELETE</transport>
+                </simpleUserNotifier>
+            </chained>
+        </handler>
+        <mail>
+            <redirectToFile>target/mail-notifications.log</redirectToFile>
+        </mail>
+    </notificationConfiguration>
+</systemConfiguration>
diff --git a/testing/story/src/test/resources/village/user-murray.xml b/testing/story/src/test/resources/village/user-murray.xml
new file mode 100644
index 00000000000..66013731898
--- /dev/null
+++ b/testing/story/src/test/resources/village/user-murray.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright (c) 2010-2014 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<user oid="c0c010c0-d34d-b33f-f00d-1111111111aa" 
+		xmlns='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
+		xmlns:c='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
+		xmlns:t='http://prism.evolveum.com/xml/ns/public/types-3'
+		xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
+		xmlns:xsd='http://www.w3.org/2001/XMLSchema'
+		xmlns:piracy='http://midpoint.evolveum.com/xml/ns/samples/piracy'>
+    <name>murray</name>
+    <fullName>Murray</fullName>
+    <givenName>Murray</givenName>
+    <familyName>The Skull</familyName>
+
+    <activation>
+    	<administrativeStatus>enabled</administrativeStatus>
+    </activation>
+</user>