diff --git a/restapi/admin_users.go b/restapi/admin_users.go
index e22ee4891..688373123 100644
--- a/restapi/admin_users.go
+++ b/restapi/admin_users.go
@@ -213,7 +213,14 @@ func getUserAddResponse(session *models.Principal, params admin_api.AddUserParam
 	// create a minioClient interface implementation
 	// defining the client to be used
 	adminClient := AdminClient{Client: mAdmin}
+	var userExists bool
 
+	_, err = adminClient.getUserInfo(ctx, *params.Body.AccessKey)
+	userExists = err == nil
+
+	if userExists {
+		return nil, prepareError(errNonUniqueAccessKey)
+	}
 	user, err := addUser(
 		ctx,
 		adminClient,
diff --git a/restapi/error.go b/restapi/error.go
index c68abfb3d..d8c3568bc 100644
--- a/restapi/error.go
+++ b/restapi/error.go
@@ -33,7 +33,8 @@ var (
 	errLicenseNotFound              = errors.New("license not found")
 	errAvoidSelfAccountDelete       = errors.New("logged in user cannot be deleted by itself")
 	errAccessDenied                 = errors.New("access denied")
-	errOauth2Provider               = errors.New("error contacting the external identity provider")
+	errOauth2Provider               = errors.New("unable to contact configured identity provider")
+	errNonUniqueAccessKey           = errors.New("access key already in use")
 )
 
 // Tiering errors