How to find user in nested group from Policy Server