When a user has a loginShell value of /bin/false in Active Directory, and a user-override entry exists to set that value to something else, the override is not being applied.
# vastool -u host/ attrs -u user1 userprincipalname loginshell
userPrincipalName: email@example.com loginShell: /bin/false
# grep -i firstname.lastname@example.org /etc/opt/quest/vas/user-override
# getent passwd user1
The output still shows the /bin/false shell.
This is expected behaviour which prevents a disabled login shell from being changed by the user override settings.