diff --git a/keystone/identity/core.py b/keystone/identity/core.py index a95024ecf1..ccc2f9ee14 100644 --- a/keystone/identity/core.py +++ b/keystone/identity/core.py @@ -486,10 +486,12 @@ class Manager(manager.Manager): def __init__(self): super(Manager, self).__init__(CONF.identity.driver) self.domain_configs = DomainConfigs() - + notifications.register_event_callback( + notifications.ACTIONS.internal, notifications.DOMAIN_DELETED, + self._domain_deleted + ) self.event_callbacks = { notifications.ACTIONS.deleted: { - 'domain': [self._domain_deleted], 'project': [self._unset_default_project], }, } @@ -498,6 +500,16 @@ class Manager(manager.Manager): payload): domain_id = payload['resource_info'] + driver = self._select_identity_driver(domain_id) + + if not driver.is_sql: + # The LDAP driver does not support deleting users or groups. + # Moreover, we shouldn't destroy users and groups in an unknown + # driver. The only time when we should delete users and groups is + # when the backend is SQL because the foreign key in the SQL table + # forces us to. + return + user_refs = self.list_users(domain_scope=domain_id) group_refs = self.list_groups(domain_scope=domain_id) diff --git a/keystone/notifications.py b/keystone/notifications.py index 40e7c31acb..cea86fc131 100644 --- a/keystone/notifications.py +++ b/keystone/notifications.py @@ -80,6 +80,7 @@ INVALIDATE_USER_TOKEN_PERSISTENCE = 'invalidate_user_tokens' INVALIDATE_USER_PROJECT_TOKEN_PERSISTENCE = 'invalidate_user_project_tokens' INVALIDATE_USER_OAUTH_CONSUMER_TOKENS = 'invalidate_user_consumer_tokens' INVALIDATE_TOKEN_CACHE_DELETED_IDP = 'invalidate_token_cache_from_deleted_idp' +DOMAIN_DELETED = 'domain_deleted' class Audit(object): diff --git a/keystone/resource/core.py b/keystone/resource/core.py index efd9077806..e4ada76510 100644 --- a/keystone/resource/core.py +++ b/keystone/resource/core.py 
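Review bot: The new register_event_callback call in __init__ carries no comment explaining why domain cleanup moved out of the event_callbacks map, and with the 'domain' entry removed the public ACTIONS.deleted notification no longer reaches _domain_deleted, so a later maintainer could reasonably re-add it. A short comment above the call would prevent that, e.g. `# Purge users/groups on the internal DOMAIN_DELETED event; the public 'deleted' notification arrives too late for the SQL foreign key.` If register_event_callback appends to a module-level subscriber list (not visible here), every Manager instantiation adds another copy of this callback, so it is worth confirming the registry de-duplicates or that Manager is constructed once. Whether __init__ ends at the closing brace shown cannot be told from the hunk.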
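Review bot: `driver.is_sql` on the new guard raises AttributeError inside a notification callback for any identity driver that does not define the property, a case the release note itself anticipates for out-of-tree backends; `if not driver.is_sql:` could become `if not getattr(driver, 'is_sql', False):` so a missing property is treated as non-SQL and the purge is skipped, matching the documented intent. The early return also leaves the domain's users and groups in place silently; a debug log naming the domain and driver class before `return` would make the skipped cleanup visible to operators. _domain_deleted's signature and the rest of its body lie outside the hunk, so a docstring stating that it irreversibly deletes every user and group scoped to the domain, and only for SQL-backed drivers, belongs at the top of the method.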
@@ -773,6 +773,9 @@ class Manager(manager.Manager): 'first.')) self._delete_domain_contents(domain_id) + notifications.Audit.internal( + notifications.DOMAIN_DELETED, domain_id + ) self._delete_project(domain_id, initiator) try: self.get_domain.invalidate(self, domain_id) diff --git a/releasenotes/notes/bug-1718747-50d39fa87bdbb12b.yaml b/releasenotes/notes/bug-1718747-50d39fa87bdbb12b.yaml new file mode 100644 index 0000000000..2ee2f44bf6 --- /dev/null +++ b/releasenotes/notes/bug-1718747-50d39fa87bdbb12b.yaml @@ -0,0 +1,17 @@ +--- +fixes: + - | + [`bug 1718747 `_] + Fixes a regression where deleting a domain with users in it caues a server + error. This bugfix restores the previous behavior of deleting the users + namespaced in the domain. This only applies when using the SQL identity + backend. +other: + - | + [`bug 1718747 `_] + As part of solving a regression in the identity SQL backend that prevented + domains containing users from being deleted, a notification callback was + altered so that users would only be deleted if the identity backend is SQL. + If you have a custom identity backend that is not read-only, deleting a + domain in keystone will not delete the users in your backend unless your + driver has an is_sql property that evaluates to true.
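Review bot: The internal DOMAIN_DELETED notification is emitted before `self._delete_project(domain_id, initiator)`, so the identity callback has already destroyed the domain's users and groups by the time the project row is removed; if _delete_project then raises, the domain persists but is empty, and the purge cannot be undone. The ordering is deliberate (the identity hunk's comment cites the foreign key in the SQL table) but nothing at the call site says so, and a reorder would quietly reintroduce the bug; a comment such as `# Must precede _delete_project: identity purges the domain's users/groups here (SQL FK).` would guard against that. delete_domain starts and ends outside this hunk, so how it handles a failure in that window is not visible here.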