diff --git a/zerver/tests/test_signup.py b/zerver/tests/test_signup.py
index 19bfd06cb1..30e824a605 100644
--- a/zerver/tests/test_signup.py
+++ b/zerver/tests/test_signup.py
@@ -2991,9 +2991,29 @@ class UserSignUpTest(InviteUserBase):
 self.assertEqual(result.url, "/accounts/login/?email=newuser%40zulip.com")
 self.assertFalse(UserProfile.objects.filter(email=email).exists())
- # If the user's email is not in the LDAP directory, though, we
- # successfully create an account with a password in the Zulip
- # database.
+ # For the rest of the test we delete the user from ldap.
+ del self.mock_ldap.directory["uid=newuser,ou=users,dc=zulip,dc=com"]
+
+ # If the user's email is not in the LDAP directory, but fits LDAP_APPEND_DOMAIN,
+ # we refuse to create the account.
+ with self.settings(
+ POPULATE_PROFILE_VIA_LDAP=True,
+ LDAP_APPEND_DOMAIN='zulip.com',
+ AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map,
+ ):
+ result = self.submit_reg_form_for_user(email,
+ password,
+ full_name="Non-LDAP Full Name",
+ # Pass HTTP_HOST for the target subdomain
+ HTTP_HOST=subdomain + ".testserver")
+ self.assertEqual(result.status_code, 302)
+ # We get redirected back to the login page because emails matching LDAP_APPEND_DOMAIN,
+ # aren't allowed to create non-ldap accounts.
+ self.assertEqual(result.url, "/accounts/login/?email=newuser%40zulip.com")
+ self.assertFalse(UserProfile.objects.filter(email=email).exists())
+
+ # If the email is outside of LDAP_APPEND_DOMAIN, we succesfully create a non-ldap account,
+ # with the password managed in the zulip database.
 with self.settings(
 POPULATE_PROFILE_VIA_LDAP=True,
 LDAP_APPEND_DOMAIN='example.com',
diff --git a/zerver/views/registration.py b/zerver/views/registration.py
index f529f73fd8..47817ec6ba 100644
--- a/zerver/views/registration.py
+++ b/zerver/views/registration.py
@@ -34,7 +34,8 @@ from zerver.views.auth import create_preregistration_user, redirect_and_log_into
 redirect_to_deactivation_notice, get_safe_redirect_to
 from zproject.backends import ldap_auth_enabled, password_auth_enabled, \
- ZulipLDAPExceptionNoMatchingLDAPUser, email_auth_enabled, ZulipLDAPAuthBackend
+ ZulipLDAPExceptionNoMatchingLDAPUser, email_auth_enabled, ZulipLDAPAuthBackend, \
+ email_belongs_to_ldap
 from confirmation.models import Confirmation, RealmCreationKey, ConfirmationKeyException, \
 validate_key, create_confirmation_link, get_object_from_key, \
@@ -279,7 +280,13 @@ def accounts_register(request: HttpRequest) -> HttpResponse:
 prereg_user=prereg_user, return_data=return_data)
 if user_profile is None:
- if return_data.get("no_matching_ldap_user") and email_auth_enabled(realm):
+ can_use_different_backend = email_auth_enabled(realm)
+ if settings.LDAP_APPEND_DOMAIN:
+ # In LDAP_APPEND_DOMAIN configurations, we don't allow making a non-ldap account
+ # if the email matches the ldap domain.
+ can_use_different_backend = can_use_different_backend and (
+ not email_belongs_to_ldap(realm, email))
+ if return_data.get("no_matching_ldap_user") and can_use_different_backend:
 # If both the LDAP and Email auth backends are
 # enabled, and there's no matching user in the LDAP
 # directory then the intent is to create a user in the
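Review bot: The added `# In LDAP_APPEND_DOMAIN configurations, we don't allow making a non-ldap account` comment in accounts_register says what the guard does but not why, so a later reader may be tempted to relax it; suggest `# An address in LDAP_APPEND_DOMAIN is owned by the directory, so it must never fall back to a password-managed account (that would let an identity outlive its directory entry).` The `can_use_different_backend = can_use_different_backend and (not ...)` form reads awkwardly; the same logic is `if settings.LDAP_APPEND_DOMAIN and email_belongs_to_ldap(realm, email): can_use_different_backend = False`. If email_belongs_to_ldap (imported from zproject.backends, not visible here) already checks settings.LDAP_APPEND_DOMAIN itself, the outer `if settings.LDAP_APPEND_DOMAIN:` gate is redundant and can go — worth confirming against that helper, as should whether it normalizes the case and whitespace of `email` the same way the rest of the registration path does. accounts_register starts before and continues after this hunk.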