diff --git a/source3/include/proto.h b/source3/include/proto.h
index 6c9cf130d04..16cd587ed30 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -304,6 +304,7 @@ struct passwd *Get_Pwnam_alloc(TALLOC_CTX *mem_ctx, const char *user);
 /* The following definitions come from lib/util_names.c  */
 const char *get_global_sam_name(void);
 const char *my_sam_name(void);
+bool is_allowed_domain(const char *domain_name);
 
 /* The following definitions come from lib/util.c  */
 
diff --git a/source3/lib/util_names.c b/source3/lib/util_names.c
index 15236c913df..630a25875c7 100644
--- a/source3/lib/util_names.c
+++ b/source3/lib/util_names.c
@@ -182,3 +182,23 @@ const char *my_sam_name(void)
 
 	return lp_workgroup();
 }
+
+bool is_allowed_domain(const char *domain_name)
+{
+	const char **ignored_domains = NULL;
+	const char **dom = NULL;
+
+	ignored_domains = lp_parm_string_list(-1,
+					      "winbind",
+					      "ignore domains",
+					      NULL);
+
+	for (dom = ignored_domains; dom != NULL && *dom != NULL; dom++) {
+		if (gen_fnmatch(*dom, domain_name) == 0) {
+			DBG_NOTICE("Ignoring domain '%s'\n", domain_name);
+			return false;
+		}
+	}
+
+	return true;
+}
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index a5f5defcd87..414b770a271 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -126,8 +126,6 @@ static NTSTATUS add_trusted_domain(const char *domain_name,
 				   struct winbindd_domain **_d)
 {
 	struct winbindd_domain *domain = NULL;
-	const char **ignored_domains = NULL;
-	const char **dom = NULL;
 	int role = lp_server_role();
 	struct dom_sid_buf buf;
 
@@ -136,12 +134,8 @@ static NTSTATUS add_trusted_domain(const char *domain_name,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	ignored_domains = lp_parm_string_list(-1, "winbind", "ignore domains", NULL);
-	for (dom=ignored_domains; dom && *dom; dom++) {
-		if (gen_fnmatch(*dom, domain_name) == 0) {
-			DEBUG(2,("Ignoring domain '%s'\n", domain_name));
-			return NT_STATUS_NO_SUCH_DOMAIN;
-		}
+	if (!is_allowed_domain(domain_name)) {
+		return NT_STATUS_NO_SUCH_DOMAIN;
 	}
 
 	/*