diff --git a/application/controllers/GroupController.php b/application/controllers/GroupController.php
index d1575b9d0..e0f1263d5 100644
--- a/application/controllers/GroupController.php
+++ b/application/controllers/GroupController.php
@@ -5,12 +5,14 @@ namespace Icinga\Controllers;
 
 use Exception;
 use Icinga\Application\Logger;
+use Icinga\Authentication\User\DomainAwareInterface;
 use Icinga\Data\DataArray\ArrayDatasource;
 use Icinga\Data\Filter\Filter;
 use Icinga\Data\Reducible;
 use Icinga\Exception\NotFoundError;
 use Icinga\Forms\Config\UserGroup\AddMemberForm;
 use Icinga\Forms\Config\UserGroup\UserGroupForm;
+use Icinga\User;
 use Icinga\Web\Controller\AuthBackendController;
 use Icinga\Web\Form;
 use Icinga\Web\Notification;
@@ -297,8 +299,27 @@ class GroupController extends AuthBackendController
         $users = array();
         foreach ($this->loadUserBackends('Icinga\Data\Selectable') as $backend) {
             try {
-                foreach ($backend->select(array('user_name')) as $row) {
-                    $users[] = $row;
+                if ($backend instanceof DomainAwareInterface) {
+                    $domain = $backend->getDomain();
+                } else {
+                    $domain = null;
+                }
+                foreach ($backend->select(array('user_name')) as $user) {
+                    $userObj = new User($user->user_name);
+                    if ($domain !== null) {
+                        if ($userObj->hasDomain() && $userObj->getDomain() !== $domain) {
+                            // Users listed in a user backend which is configured to be responsible for a domain should
+                            // not have a domain in their username. Ultimately, if the username has a domain, it must
+                            // not differ from the backend's domain. We could log here - but hey, who cares :)
+                            continue;
+                        } else {
+                            $userObj->setDomain($domain);
+                        }
+                    }
+
+                    $user->user_name = $userObj->getUsername();
+
+                    $users[] = $user;
                 }
             } catch (Exception $e) {
                 Logger::error($e);
diff --git a/application/controllers/UserController.php b/application/controllers/UserController.php
index 62acac83b..9ff75cb9f 100644
--- a/application/controllers/UserController.php
+++ b/application/controllers/UserController.php
@@ -5,6 +5,7 @@ namespace Icinga\Controllers;
 
 use Exception;
 use Icinga\Application\Logger;
+use Icinga\Authentication\User\DomainAwareInterface;
 use Icinga\Data\DataArray\ArrayDatasource;
 use Icinga\Exception\ConfigurationError;
 use Icinga\Exception\NotFoundError;
@@ -96,7 +97,12 @@ class UserController extends AuthBackendController
             $this->httpNotFound(sprintf($this->translate('User "%s" not found'), $userName));
         }
 
-        $memberships = $this->loadMemberships(new User($userName))->select();
+        $userObj = new User($userName);
+        if ($backend instanceof DomainAwareInterface) {
+            $userObj->setDomain($backend->getDomain());
+        }
+
+        $memberships = $this->loadMemberships($userObj)->select();
 
         $this->setupFilterControl(
             $memberships,