--- a/management/univention-management-console-module-diagnostic/umc/python/diagnostic/plugins/46_kerberos_ddns_update.py	
+++ a/management/univention-management-console-module-diagnostic/umc/python/diagnostic/plugins/46_kerberos_ddns_update.py	
@@ -36,6 +36,7 @@ import contextlib
 
 import univention.lib.admember
 import univention.config_registry
+import univention.admin.uldap
 from univention.management.console.modules.diagnostic import Critical
 from univention.management.console.modules.diagnostic import util
 
@@ -116,17 +117,36 @@ def check_dns_server_principal(hostname, domainname):
 		nsupdate(hostname, hostname, domainname)
 
 
+def is_s4_domain(config_registry):
+	ldap_hostdn = config_registry.get('ldap/hostdn')
+	(ldap_connection, position) = univention.admin.uldap.getMachineConnection()
+	filter_expression = '(univentionService=S4 Connector)'
+	res = ldap_connection.search(filter=filter_expression)
+	if res:
+		return True
+	return False
+
+def has_service_samba_or_samba4(config_registry):
+	ldap_hostdn = config_registry.get('ldap/hostdn')
+	(ldap_connection, position) = univention.admin.uldap.getMachineConnection()
+	filter_expression = '(|(univentionService=Samba 3)(univentionService=Samba 4))'
+	res = ldap_connection.search(base=ldap_hostdn, filter=filter_expression)
+	if res:
+		return True
+	return False
+
 def check_nsupdate(config_registry):
 	server = get_server(config_registry)
 	hostname = config_registry.get('hostname')
 	domainname = config_registry.get('domainname')
-	is_dc = config_registry.get('samba4/role') == 'DC'
 
-	try:
-		check_dns_machine_principal(server, hostname, domainname)
-	except UpdateError as error:
-		yield error
+	if is_s4_domain() and has_service_samba_or_samba4(config_registry):
+		try:
+			check_dns_machine_principal(server, hostname, domainname)
+		except UpdateError as error:
+			yield error
 
+	is_dc = config_registry.get('samba4/role') == 'DC'
 	if is_dc:
 		try:
 			check_dns_server_principal(hostname, domainname)