3.5.3 Server Generation of the SSL_CERT_LOGON_RESP Message

The SSL_CERT_LOGON_RESP message is constructed by the server when the certificate was successfully associated with an account and authorization information can be retrieved. The Remote Certificate Mapping Protocol server constructs a PAC, as specified in [MS-PAC], containing the authorization information. If the Remote Certificate Mapping Protocol server is not authoritative over the user's account, it uses the Remote Certificate Mapping Protocol to contact the Remote Certificate Mapping Protocol server that is authoritative and asks that server to build the PAC. The response message supplies the name of the domain that contained the account used as the source of the authorization information.

The response, SSL_CERT_LOGON_RESP (section 2.2.2), is packed as a contiguous buffer and the encoded data is sent in the LogonData field in the NETLOGON_GENERIC_INFO structure, as specified in [MS-NRPC] section 2.2.1.4.2.