diff --git a/src/constants.js b/src/constants.js index ef092e61c..c3aedaa56 100644 --- a/src/constants.js +++ b/src/constants.js @@ -14,6 +14,8 @@ exports = module.exports = { ADMIN_CLIENT_ID: 'webadmin', // oauth client id ADMIN_APPID: 'admin', // admin appid (settingsdb) + ADMIN_GROUP_ID: 'admin', + GHOST_USER_FILE: '/tmp/cloudron_ghost.json', DEFAULT_TOKEN_EXPIRATION: 7 * 24 * 60 * 60 * 1000, // 1 week diff --git a/src/groupdb.js b/src/groupdb.js index 0c38fd3b1..0d63b9403 100644 --- a/src/groupdb.js +++ b/src/groupdb.js @@ -22,6 +22,7 @@ exports = module.exports = { }; var assert = require('assert'), + constants = require('./constants.js'), database = require('./database.js'), DatabaseError = require('./databaseerror'); @@ -217,5 +218,5 @@ function isMember(groupId, userId, callback) { } function addDefaultGroups(callback) { - add('admin', 'admin', callback); + add(constants.ADMIN_GROUP_ID, 'admin', callback); } diff --git a/src/groups.js b/src/groups.js index 1f71b4262..cc17bcfba 100644 --- a/src/groups.js +++ b/src/groups.js @@ -16,12 +16,11 @@ exports = module.exports = { isMember: isMember, getGroups: getGroups, - setGroups: setGroups, - - ADMIN_GROUP_ID: 'admin' // see db migration code and groupdb._clear + setGroups: setGroups }; var assert = require('assert'), + constants = require('./constants.js'), DatabaseError = require('./databaseerror.js'), groupdb = require('./groupdb.js'), util = require('util'); @@ -88,7 +87,7 @@ function remove(id, callback) { assert.strictEqual(typeof callback, 'function'); // never allow admin group to be deleted - if (id === exports.ADMIN_GROUP_ID) return callback(new GroupError(GroupError.NOT_ALLOWED)); + if (id === constants.ADMIN_GROUP_ID) return callback(new GroupError(GroupError.NOT_ALLOWED)); groupdb.del(id, function (error) { if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupError(GroupError.NOT_FOUND)); 
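Review bot: The new `ADMIN_GROUP_ID` entry in src/constants.js carries no comment, while the definition this commit removes from src/groups.js pointed readers at `// see db migration code and groupdb._clear`. That pointer suggests the literal 'admin' is repeated in places that do not read the constant, so it is worth keeping beside the new definition: `ADMIN_GROUP_ID: 'admin', // id of the admin group; see db migration code and groupdb._clear`. The value is also identical to `ADMIN_APPID` on the line above, so saying which one is the group id helps anyone auditing the admin checks.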
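Review bot: Dropping `ADMIN_GROUP_ID` from the exports of src/groups.js means any caller this commit missed now reads `undefined` instead of failing loudly. For the checks visible in this diff that failure would be silent: `id === undefined` would no longer block deletion of the admin group in `remove`, and `groupIds.indexOf(undefined) !== -1` would report every user as non-admin. Every reference shown here is updated, but the diff cannot show files it did not touch, so a repository-wide search for `groups.ADMIN_GROUP_ID` before merging is worthwhile.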
diff --git a/src/routes/test/user-test.js b/src/routes/test/user-test.js index 8c3082887..5760556f0 100644 --- a/src/routes/test/user-test.js +++ b/src/routes/test/user-test.js @@ -6,6 +6,7 @@ 'use strict'; var config = require('../../config.js'), + constants = require('../../constants.js'), database = require('../../database.js'), tokendb = require('../../tokendb.js'), expect = require('expect.js'), @@ -294,7 +295,7 @@ describe('User API', function () { it('set second user as admin succeeds', function (done) { superagent.put(SERVER_URL + '/api/v1/users/' + user_1.id + '/groups') .query({ access_token: token }) - .send({ groupIds: [ groups.ADMIN_GROUP_ID ] }) + .send({ groupIds: [ constants.ADMIN_GROUP_ID ] }) .end(function (err, res) { expect(res.statusCode).to.equal(204); @@ -319,7 +320,7 @@ describe('User API', function () { res.body.users.forEach(function (user) { expect(user.admin).to.be(true); - expect(user.groupIds).to.eql([ groups.ADMIN_GROUP_ID ]); + expect(user.groupIds).to.eql([ constants.ADMIN_GROUP_ID ]); }); done(); }); diff --git a/src/routes/user.js b/src/routes/user.js index a6f3fff22..6680c2f29 100644 --- a/src/routes/user.js +++ b/src/routes/user.js @@ -14,13 +14,12 @@ exports = module.exports = { var assert = require('assert'), clients = require('../clients.js'), + constants = require('../constants.js'), generatePassword = require('../password.js').generate, - groups = require('../groups.js'), HttpError = require('connect-lastmile').HttpError, HttpSuccess = require('connect-lastmile').HttpSuccess, oauth2 = require('./oauth2.js'), user = require('../user.js'), - tokendb = require('../tokendb.js'), UserError = user.UserError, _ = require('underscore'); 
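Review bot: The require block of src/routes/user.js loses `tokendb` as well as `groups`, and only the `groups` removal follows from moving the constant. The remaining uses of either module are not visible in this diff; if any handler in the file still calls `tokendb.*` or `groups.*`, it throws a ReferenceError on the first request that reaches it rather than at load time. Confirm both names are unused across the whole file (an ESLint `no-undef` run catches this), and mention the unrelated `tokendb` cleanup in the commit message.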
@@ -182,7 +181,7 @@ function setGroups(req, res, next) { if (!Array.isArray(req.body.groupIds)) return next(new HttpError(400, 'API call requires a groups array.')); // this route is only allowed for admins, so req.user has to be an admin - if (req.user.id === req.params.userId && req.body.groupIds.indexOf(groups.ADMIN_GROUP_ID) === -1) return next(new HttpError(403, 'Admin removing itself from admins is not allowed')); + if (req.user.id === req.params.userId && req.body.groupIds.indexOf(constants.ADMIN_GROUP_ID) === -1) return next(new HttpError(403, 'Admin removing itself from admins is not allowed')); user.setGroups(req.params.userId, req.body.groupIds, function (error) { if (error && error.reason === UserError.NOT_FOUND) return next(new HttpError(404, 'One or more groups not found')); diff --git a/src/test/apps-test.js b/src/test/apps-test.js index 2cdb6b502..127b23ee4 100644 --- a/src/test/apps-test.js +++ b/src/test/apps-test.js @@ -114,7 +114,7 @@ describe('Apps', function () { userdb.add.bind(null, USER_1.id, USER_1), groups.create.bind(null, GROUP_0), groups.create.bind(null, GROUP_1), - groups.addMember.bind(null, groups.ADMIN_GROUP_ID, ADMIN_0.id), + groups.addMember.bind(null, constants.ADMIN_GROUP_ID, ADMIN_0.id), groups.addMember.bind(null, GROUP_0, USER_1.id), appdb.add.bind(null, APP_0.id, APP_0.appStoreId, APP_0.manifest, APP_0.location, APP_0.portBindings, APP_0), appdb.add.bind(null, APP_1.id, APP_1.appStoreId, APP_1.manifest, APP_1.location, APP_1.portBindings, APP_1), diff --git a/src/test/groups-test.js b/src/test/groups-test.js index 591d3097e..b52475200 100644 --- a/src/test/groups-test.js +++ b/src/test/groups-test.js @@ -7,6 +7,7 @@ 'use strict'; var async = require('async'), + constants = require('../constants.js'), database = require('../database.js'), expect = require('expect.js'), groups = require('../groups.js'), 
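Review bot: The self-demotion guard in `setGroups` searches `req.body.groupIds` with `indexOf`, but the only validation visible before it is `Array.isArray`, so the element types are unchecked. A non-string element from the JSON body never matches `constants.ADMIN_GROUP_ID` and is handed to `user.setGroups` as is; whether that layer rejects it is not visible here. Adding `if (!req.body.groupIds.every(function (g) { return typeof g === 'string'; })) return next(new HttpError(400, 'groupIds must contain strings'));` after the array check would keep this authorization decision on validated input. The function starts and ends outside the hunk.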
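Review bot: This hunk starts using `constants.ADMIN_GROUP_ID` in src/test/apps-test.js, but no hunk in this diff adds `constants = require('../constants.js')` to that file. The same holds for the hunks in src/test/user-test.js and src/user.js, whereas groupdb.js, groups.js, userdb.js, routes/user.js and the other two test files each gain the require. If `constants` is not already in scope in those three files they fail with a ReferenceError; if it is, nothing is needed. Their require blocks lie outside the hunks, so this has to be checked against the full files.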
@@ -287,7 +288,7 @@ describe('Admin group', function () { after(cleanup); it('cannot delete admin group ever', function (done) { - groups.remove(groups.ADMIN_GROUP_ID, function (error) { + groups.remove(constants.ADMIN_GROUP_ID, function (error) { expect(error.reason).to.equal(GroupError.NOT_ALLOWED); done(); diff --git a/src/test/user-test.js b/src/test/user-test.js index 741255d8c..88a3238ae 100644 --- a/src/test/user-test.js +++ b/src/test/user-test.js @@ -634,7 +634,7 @@ describe('User', function () { user1.id = result.id; - user.setGroups(user1.id, [ groups.ADMIN_GROUP_ID ], function (error) { + user.setGroups(user1.id, [ constants.ADMIN_GROUP_ID ], function (error) { expect(error).to.not.be.ok(); // one mail for user creation, one mail for admin change @@ -644,7 +644,7 @@ describe('User', function () { }); it('add user to non admin group does not trigger admin mail', function (done) { - user.setGroups(user1.id, [ groups.ADMIN_GROUP_ID, NON_ADMIN_GROUP ], function (error) { + user.setGroups(user1.id, [ constants.ADMIN_GROUP_ID, NON_ADMIN_GROUP ], function (error) { expect(error).to.equal(null); checkMails(0, done); @@ -687,7 +687,7 @@ describe('User', function () { user1.id = result.id; - groups.setGroups(user1.id, [ groups.ADMIN_GROUP_ID ], function (error) { + groups.setGroups(user1.id, [ constants.ADMIN_GROUP_ID ], function (error) { expect(error).to.eql(null); user.getAllAdmins(function (error, admins) { diff --git a/src/user.js b/src/user.js index 23f002fa6..487b5ed68 100644 --- a/src/user.js +++ b/src/user.js @@ -288,7 +288,7 @@ function listUsers(callback) { if (error) return callback(new UserError(UserError.INTERNAL_ERROR, error)); results.forEach(function (result) { - result.admin = result.groupIds.indexOf(groups.ADMIN_GROUP_ID) !== -1; + result.admin = result.groupIds.indexOf(constants.ADMIN_GROUP_ID) !== -1; }); return callback(null, results); }); 
@@ -316,7 +316,7 @@ function getUser(userId, callback) { if (error) return callback(new UserError(UserError.INTERNAL_ERROR, error)); result.groupIds = groupIds; - result.admin = groupIds.indexOf(groups.ADMIN_GROUP_ID) !== -1; + result.admin = groupIds.indexOf(constants.ADMIN_GROUP_ID) !== -1; return callback(null, result); }); @@ -387,8 +387,8 @@ function setGroups(userId, groupIds, callback) { if (error && error.reason === GroupError.NOT_FOUND) return callback(new UserError(UserError.NOT_FOUND, 'One or more groups not found')); if (error) return callback(new UserError(UserError.INTERNAL_ERROR, error)); - var isAdmin = groupIds.some(function (g) { return g === groups.ADMIN_GROUP_ID; }); - var wasAdmin = oldGroupIds.some(function (g) { return g === groups.ADMIN_GROUP_ID; }); + var isAdmin = groupIds.some(function (g) { return g === constants.ADMIN_GROUP_ID; }); + var wasAdmin = oldGroupIds.some(function (g) { return g === constants.ADMIN_GROUP_ID; }); if ((isAdmin && !wasAdmin) || (!isAdmin && wasAdmin)) { getUser(userId, function (error, result) { @@ -499,7 +499,7 @@ function createOwner(username, password, email, displayName, auditSource, callba createUser(username, password, email, displayName, auditSource, { owner: true }, function (error, user) { if (error) return callback(error); - groups.addMember(groups.ADMIN_GROUP_ID, user.id, function (error) { + groups.addMember(constants.ADMIN_GROUP_ID, user.id, function (error) { if (error) return callback(new UserError(UserError.INTERNAL_ERROR, error)); callback(null, user); diff --git a/src/userdb.js b/src/userdb.js index 075bf843a..8bc6bc6cd 100644 --- a/src/userdb.js +++ b/src/userdb.js 
@@ -18,10 +18,10 @@ exports = module.exports = { }; var assert = require('assert'), + constants = require('./constants.js'), database = require('./database.js'), debug = require('debug')('box:userdb'), - DatabaseError = require('./databaseerror'), - groups = require('./groups.js'); + DatabaseError = require('./databaseerror'); var USERS_FIELDS = [ 'id', 'username', 'email', 'password', 'salt', 'createdAt', 'modifiedAt', 'resetToken', 'displayName', 'showTutorial' ].join(','); @@ -76,7 +76,7 @@ function getOwner(callback) { // the first created user it the admin database.query('SELECT ' + USERS_FIELDS + ' FROM users, groupMembers WHERE groupMembers.groupId = ? AND users.id = groupMembers.userId ORDER BY createdAt LIMIT 1', - [ groups.ADMIN_GROUP_ID ], function (error, result) { + [ constants.ADMIN_GROUP_ID ], function (error, result) { if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error)); if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND)); @@ -119,7 +119,7 @@ function getAllWithGroupIds(callback) { function getAllAdmins(callback) { assert.strictEqual(typeof callback, 'function'); - database.query('SELECT ' + USERS_FIELDS + ' FROM users, groupMembers WHERE groupMembers.groupId = ? AND users.id = groupMembers.userId ORDER BY username', [ groups.ADMIN_GROUP_ID ], function (error, results) { + database.query('SELECT ' + USERS_FIELDS + ' FROM users, groupMembers WHERE groupMembers.groupId = ? AND users.id = groupMembers.userId ORDER BY username', [ constants.ADMIN_GROUP_ID ], function (error, results) { if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error)); results.forEach(postProcess);