You are not able to run certain commands due to group memberships missing and vastool flush resolves but only temporary.
Nested group are groups within groups.
**Please note that as of version 4.0.3.189 preload nested membership is now true by default.
1 - Run the following command which will add the preload-nested-memberships setting in the /etc/opt/quest/vas/vas.conf file under the vasd section:
#/opt/quest/bin/vastool configure vas vasd preload-nested-memberships true
The setting in the /etc/opt/quest/vas/vas.conf will look like this:
[vasd]
preload-nested-memberships = true
2 - If not in workstation mode, run the flush command below:
#/opt/quest/bin/vastool flush
Here is a description of the configuration setting from the vas.conf man page.
preload-nested-memberships = <true | false>
Default value: false
When groups are given through nesting, the nested memberships are normally processed only through login events. Turning on groups-for-user-update will make the memberships be processed when the user account is updated through a by-name request. This option will cause vastool, whenever it loads the user and/or groups cache, to also iterate over all users triggering nested group processing for each user.
NOTE: Quest has improved the performance of the preload-nested-memberships option and recommends that you set it to true in nested group membership situations.
© 2025 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center