diff --git a/src/modules/admin-toolkit/config b/src/modules/admin-toolkit/config
index 66530141..d7e35732 100644
--- a/src/modules/admin-toolkit/config
+++ b/src/modules/admin-toolkit/config
@@ -13,11 +13,16 @@
 ######### User Required Section ###########################
 #
 #  Adding another user requires at least a username.
+#  If the user already exists, it will not be recreated,
+#  but the password and ssh keys will be changed.
 #  A home folder will be created.
 #  The default profile will be set to bash.
 #  Default password is raspberry. PLEASE CHANGE THIS. 
 #  User will be added to the sudo and adm group. 
 #
+#  If the user specified is not pi, pi's password will be
+#  set to a randomly generated string.
+#
 ###########################################################
 
 #  add user name,  If left "default", no user will be added.
diff --git a/src/modules/admin-toolkit/start_chroot_script b/src/modules/admin-toolkit/start_chroot_script
index 29adc353..f9bcfb03 100644
--- a/src/modules/admin-toolkit/start_chroot_script
+++ b/src/modules/admin-toolkit/start_chroot_script
@@ -18,22 +18,26 @@ install_cleanup_trap
 if [ "$ADMIN_TOOLKIT_NAME" != "default" ]
 then
 
-    # add user
+    # add user if it doesn't already exist
     if [ "$ADMIN_TOOLKIT_FULLNAME" != "default" ]
     then
         echo "Adding user $ADMIN_TOOLKIT_NAME with GECOS fields"
-        useradd -m -s $(which bash) -G sudo,adm "${ADMIN_TOOLKIT_NAME}" -c "${ADMIN_TOOLKIT_FULLNAME}"
+        id "${ADMIN_TOOLKIT_NAME}" || useradd -m -s $(which bash) -G sudo,adm "${ADMIN_TOOLKIT_NAME}" -c "${ADMIN_TOOLKIT_FULLNAME}"
     else
         echo "Adding user $ADMIN_TOOLKIT_NAME"
-        useradd -m -s $(which bash) -G sudo,adm "${ADMIN_TOOLKIT_NAME}"
+        id "${ADMIN_TOOLKIT_NAME}" || useradd -m -s $(which bash) -G sudo,adm "${ADMIN_TOOLKIT_NAME}"
     fi
 
     # check for override password
     if [ "$ADMIN_TOOLKIT_PASSWORD" != "default" ]
     then
         echo "${ADMIN_TOOLKIT_NAME}:${ADMIN_TOOLKIT_PASSWORD}" | chpasswd
-        RANDOM_PW=$(date +%s | sha256sum | base64 | head -c 32)
-        echo "pi:${RANDOM_PW}" | chpasswd
+        # if creating a user other than 'pi', set pi's password to a random string
+        if [ "${ADMIN_TOOLKIT_NAME}" != "pi" ]
+        then
+            RANDOM_PW=$(date +%s | sha256sum | base64 | head -c 32)
+            echo "pi:${RANDOM_PW}" | chpasswd
+        fi
     else
         echo "${ADMIN_TOOLKIT_NAME}:raspberry" | chpasswd
     fi