diff --git a/roles/proxmox/templates/sync-ldap.py.j2 b/roles/proxmox/templates/sync-ldap.py.j2
index 6c216b5..52264ee 100644
--- a/roles/proxmox/templates/sync-ldap.py.j2
+++ b/roles/proxmox/templates/sync-ldap.py.j2
@@ -3,6 +3,8 @@
 import collections
 import os
 import re
+import sys
+import syslog
 import ldap3
@@ -22,6 +24,7 @@ filters = [
 ]
 # run query
+syslog.syslog(f'querying server {ldap_host}')
 server = ldap3.Server(ldap_host, use_ssl=True)
 ldap = ldap3.Connection(server, ldap_user, ldap_pass, auto_bind=True)
 ldap.search(ldap_base,
@@ -38,6 +41,12 @@ for e in ldap.entries:
 if m := re.match(r'^CN=([^,]*)', group.replace('\\,', '-')):
 group = re.sub(r'[^A-Za-z0-9_.-]', '-', m[1])
 all_groups[group].add(user)
+syslog.syslog(f'got {len(all_users)} users with {len(all_groups)} groups from AD')
+
+# check sanity
+if not all_users or not all_groups:
+ syslog.syslog(f'something went wrong, exiting')
+ sys.exit(1)
 with open('/etc/pve/user.cfg.new', 'w') as f:
 # user:{username}@{realm}:1:0:{name}:{surname}:{mail}:AD sync::
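Review bot: The added `syslog.syslog(f'querying server {ldap_host}')` records the attempt, but a failed connect or bind on the following lines still ends in an uncaught ldap3 exception whose traceback goes to stderr rather than syslog, so the log shows a query that never finishes. Wrapping the `Server`/`Connection`/`search` calls in `try:` / `except ldap3.core.exceptions.LDAPException as e:` with `syslog.syslog(syslog.LOG_ERR, f'LDAP query failed: {e}')` and `sys.exit(1)` would keep the failure in the same log. Separately, `ldap3.Server(ldap_host, use_ssl=True)` is built without a `tls=` argument, and ldap3's default `Tls` does not validate the server certificate, so the bind password is sent to whichever host answers; `tls=ldap3.Tls(validate=ssl.CERT_REQUIRED)` (plus `import ssl`) would enforce verification. The `ldap.search(` call continues outside the hunk.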
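Review bot: The sanity check before `/etc/pve/user.cfg.new` is written rejects only a completely empty result, so a truncated or partial search (server size limit, an interrupted paged query, a filter that matches only a few entries) still passes and would replace the access list with an incomplete one. Since this file decides who can log in and with which group membership, it would be safer to also test the return value of `ldap.search(...)` (its call is outside this hunk) and to require a configurable minimum number of users and groups before continuing. The failure message is logged at the default priority and uses an f-string with no placeholders; `syslog.syslog(syslog.LOG_ERR, 'empty user or group list from AD, not updating user.cfg')` would make the abort visible to log-based alerting. The body of the `with open(...)` block continues outside the hunk.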