2 files changed, 10 insertions, 12 deletions

diff --git a/libds/common/flags.h b/libds/common/flags.h
index 49750241202..96709af118e 100644
--- a/libds/common/flags.h
+++ b/libds/common/flags.h
@@ -64,8 +64,7 @@
 		UF_NORMAL_ACCOUNT |\
 		UF_INTERDOMAIN_TRUST_ACCOUNT |\
 		UF_WORKSTATION_TRUST_ACCOUNT |\
-		UF_SERVER_TRUST_ACCOUNT |\
-		UF_PARTIAL_SECRETS_ACCOUNT \
+		UF_SERVER_TRUST_ACCOUNT \
                 )
 
 #define UF_SETTABLE_BITS (\
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 54e2e5e6299..f491a0035c7 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -1746,17 +1746,16 @@ static int samldb_user_account_control_change(struct samldb_ctx *ac)
 
 	case UF_WORKSTATION_TRUST_ACCOUNT:
 		new_is_critical = false;
-		break;
-
-	case (UF_WORKSTATION_TRUST_ACCOUNT|UF_PARTIAL_SECRETS_ACCOUNT):
-		if (!is_computer) {
-			ldb_asprintf_errstring(ldb,
-				"%08X: samldb: UF_PARTIAL_SECRETS_ACCOUNT "
-				"requires objectclass 'computer'!",
-				W_ERROR_V(WERR_DS_MACHINE_ACCOUNT_CREATED_PRENT4));
-			return LDB_ERR_UNWILLING_TO_PERFORM;
+		if (new_uac & UF_PARTIAL_SECRETS_ACCOUNT) {
+			if (!is_computer) {
+				ldb_asprintf_errstring(ldb,
+						       "%08X: samldb: UF_PARTIAL_SECRETS_ACCOUNT "
+						       "requires objectclass 'computer'!",
+						       W_ERROR_V(WERR_DS_MACHINE_ACCOUNT_CREATED_PRENT4));
+				return LDB_ERR_UNWILLING_TO_PERFORM;
+			}
+			new_is_critical = true;
 		}
-		new_is_critical = true;
 		break;
 
 	case UF_SERVER_TRUST_ACCOUNT: