diff --git a/selftest/knownfail b/selftest/knownfail
index deeb8fac695..753442e02d7 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -273,7 +273,6 @@
 ^samba.wbinfo_simple.\(s4member:local\).--allocate-gid
 ^samba.wbinfo_simple.\(plugin_s4_dc:local\).--allocate-uid
 ^samba.wbinfo_simple.\(plugin_s4_dc:local\).--allocate-gid
-^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo --getdcname against plugin_s4_dc\(plugin_s4_dc:local\)
 #
 # These do not work against winbindd in member mode for unknown reasons
 #
diff --git a/source3/winbindd/wb_dsgetdcname.c b/source3/winbindd/wb_dsgetdcname.c
index bc952cd03de..db6cde93022 100644
--- a/source3/winbindd/wb_dsgetdcname.c
+++ b/source3/winbindd/wb_dsgetdcname.c
@@ -45,18 +45,28 @@ struct tevent_req *wb_dsgetdcname_send(TALLOC_CTX *mem_ctx,
 		return NULL;
 	}
 
-	if (strequal(domain_name, "BUILTIN")
-	    || strequal(domain_name, get_global_sam_name())) {
+	if (strequal(domain_name, "BUILTIN")) {
 		/*
-		 * Two options here: Give back our own address, or say there's
-		 * nobody around. Right now opting for the latter, one measure
-		 * to prevent the loopback connects. This might change if
-		 * needed.
+		 * This makes no sense
 		 */
 		tevent_req_nterror(req, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND);
 		return tevent_req_post(req, ev);
 	}
 
+	if (strequal(domain_name, get_global_sam_name())) {
+		int role = lp_server_role();
+		if ( role != ROLE_ACTIVE_DIRECTORY_DC ) {
+			/*
+			 * Two options here: Give back our own address, or say there's
+			 * nobody around. Right now opting for the latter, one measure
+			 * to prevent the loopback connects. This might change if
+			 * needed.
+			 */
+			tevent_req_nterror(req, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND);
+			return tevent_req_post(req, ev);
+		}
+	}
+
 	if (IS_DC) {
 		/*
 		 * We have to figure out the DC ourselves