02-20-2015 07:35 AM
02-20-2015 07:41 AM - edited 02-20-2015 07:43 AM
Every domain computer has a machine account. Non-domain machines do not have a valid account.
When you see the device authenticate to the network with host/device-name.domain.com, this is a machine authentication.
The credential can be either a certificate or password. Active Directory can issue certificates to each domain computer automagically.