diff --git a/services/univention-ldb-modules/modules/univention_samaccountname_ldap_check.c b/services/univention-ldb-modules/modules/univention_samaccountname_ldap_check.c
index ea3ebd2664..fb13082996 100644
--- a/services/univention-ldb-modules/modules/univention_samaccountname_ldap_check.c
+++ b/services/univention-ldb-modules/modules/univention_samaccountname_ldap_check.c
@@ -73,6 +73,7 @@
 #define DOM_SID_STR_BUFLEN (15*11+25)
 // From openldap/servers/slapd/slap.h
 #define SLAP_LDAPDN_MAXLEN 8192
+#define UF_SERVER_TRUST_ACCOUNT 0x00002000
 
 char *sid_to_string(const struct dom_sid *sid)
 {
@@ -134,6 +135,7 @@ static int univention_samaccountname_ldap_check_add(struct ldb_module *module, s
 struct ldb_context *ldb;
 struct ldb_message *msg;
 struct ldb_message_element *attribute;
+ struct ldb_message_element *attribute2;
 struct ldb_request *down_req = NULL;
 bool is_computer = false;
 bool is_group = false;
@@ -181,6 +183,18 @@ static int univention_samaccountname_ldap_check_add(struct ldb_module *module, s
 return ldb_next_request(module, req);
 }
 
+ attribute2 = ldb_msg_find_element(req->op.add.message, "userAccountControl");
+ if( attribute2 == NULL ) {
+ // we can't handle this
+ ldb_debug(ldb, LDB_DEBUG_WARNING, ("%s: userAccountControl not found for '%s'\n"), ldb_module_get_name(module), attribute->values[0].data);
+ return ldb_next_request(module, req);
+ }
+ if (attribute2->values[0].data & UF_SERVER_TRUST_ACCOUNT) {
+ // It's a DC, we can't handle this in selectiveudm/create_windows_computer
+ ldb_debug(ldb, LDB_DEBUG_WARNING, ("%s: new computer object '%s' is a DC, that's ok\n"), ldb_module_get_name(module), attribute->values[0].data);
+ return ldb_next_request(module, req);
+ }
+
 char *opt_name = malloc(5 + attribute->values[0].length + 1);
 if (opt_name == NULL) {
 return ldb_module_oom(module);
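Review bot: In the third hunk, `attribute2->values[0].data & UF_SERVER_TRUST_ACCOUNT` applies the mask to the value's data pointer (the same field is printed with `%s` and sized with `.length` nearby), not to the numeric userAccountControl, so the DC test never reads the flag bits and will probably be rejected by the compiler as a pointer/integer `&`. The attribute arrives as text in the add request and has to be parsed first, for example `unsigned int uac = ldb_msg_find_attr_as_uint(req->op.add.message, "userAccountControl", 0);` followed by `if (uac & UF_SERVER_TRUST_ACCOUNT) {`, which also avoids indexing `values[0]` without checking `num_values`. Both new branches return `ldb_next_request()` early on the strength of a client-supplied (or omitted) attribute, so the rest of this module's add handling is skipped for any request that takes them. A comment naming the component that still validates the account name in those cases would make that trust decision reviewable. The function body starts and ends outside the hunk.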