diff --git a/api/errors.go b/api/errors.go
index 8fcd44758..48ea6ab75 100644
--- a/api/errors.go
+++ b/api/errors.go
@@ -7,7 +7,8 @@ const (
 
 // User errors.
 const (
-	ErrUserNotFound = Error("User not found")
+	ErrUserNotFound            = Error("User not found")
+	ErrAdminAlreadyInitialized = Error("Admin user already initialized")
 )
 
 // Endpoint errors.
diff --git a/api/http/user_handler.go b/api/http/user_handler.go
index b47cda7ca..38243b0a6 100644
--- a/api/http/user_handler.go
+++ b/api/http/user_handler.go
@@ -227,18 +227,28 @@ func (handler *UserHandler) handlePostAdminInit(w http.ResponseWriter, r *http.R
 		return
 	}
 
-	user := &portainer.User{
-		Username: "admin",
-	}
-	user.Password, err = handler.CryptoService.Hash(req.Password)
-	if err != nil {
-		Error(w, portainer.ErrCryptoHashFailure, http.StatusBadRequest, handler.Logger)
+	user, err := handler.UserService.User("admin")
+	if err == portainer.ErrUserNotFound {
+		user := &portainer.User{
+			Username: "admin",
+		}
+		user.Password, err = handler.CryptoService.Hash(req.Password)
+		if err != nil {
+			Error(w, portainer.ErrCryptoHashFailure, http.StatusBadRequest, handler.Logger)
+			return
+		}
+
+		err = handler.UserService.UpdateUser(user)
+		if err != nil {
+			Error(w, err, http.StatusInternalServerError, handler.Logger)
+			return
+		}
+	} else if err != nil {
+		Error(w, err, http.StatusInternalServerError, handler.Logger)
 		return
 	}
-
-	err = handler.UserService.UpdateUser(user)
-	if err != nil {
-		Error(w, err, http.StatusInternalServerError, handler.Logger)
+	if user != nil {
+		Error(w, portainer.ErrAdminAlreadyInitialized, http.StatusForbidden, handler.Logger)
 		return
 	}
 }