compdigit44

ADFS 2.1 and Authenticating Computer Accounts

Can ADFS be used to authenticate computer accounts? If so, has anyone done this before? I have only used it with user accounts before.
Mahesh

No, ADFS cannot authenticate computer accounts.

Basically it is used for user authentication from anywhere (external / internal), and the computer account never comes into the picture.
btan

Computer accounts can probably be supported, but it is specific to the implementation and to support by the server/client build (Win2012 and Win8).

ADFS tends to authenticate based on claims using a SAML token. The token will contain the user credential, which uniquely identifies the requestor, instead of the computer account, which is not necessarily unique. So the user account is already supported in most implementations.

However, in an implementation using the ADCS claim in ADFS, computer account attributes in addition to user account attributes from within AD DS can be included in the token. E.g. AD DS issued claims can be used with AD FS to access both user and device claims directly from the user's authentication context, rather than making a separate LDAP call to Active Directory. See:
As an extension to the Dynamic Access Control scenario, AD FS in Windows Server 2012 can now:
Access computer account attributes in addition to user account attributes from within AD DS. In previous versions of AD FS, the Federation Service could not access computer account attributes at all from AD DS.

Consume AD DS issued user or device claims that reside in a Kerberos authentication ticket. In previous versions of AD FS, the claims engine was able to read user and group security IDs (SIDs) from Kerberos but was not able to read any claims information contained within a Kerberos ticket.

Transform AD DS issued user or device claims into SAML tokens that relying applications can use to perform richer access control.
https://technet.microsoft.com/en-us/library/hh831504.aspx

Dynamic Access Control is featured in Windows 2012 only, as above. And to add, device claims are supported in Windows 8 clients only. See device claims - https://technet.microsoft.com/en-us/library/0311a76d-d66c-4ddb-ade6-af586a2ad82f#BKMK_DeviceClaims
compdigit44 (asker)

So if I am understanding everyone correctly, you can authenticate a computer account, but only if the source domain is Windows 2012 R2, which supports claims... am I correct?
You need both ends of the puzzle: the computer and the server component that support the additions.
ADFS should already be doing claims-based SAML tokens as it is.
The user account is the main one; the machine account is used as explained previously. As long as Kerberos tokens are involved, the machine account can be considered if required. If not, you are doing user authentication as per the link below, usually:
http://blog.auth360.net/2014/01/07/first-impressions-ad-fs-and-window-server-2012-r2-part-ii/
Normally, if you have Web Application Proxy (WAP) to do it via Kerberos Constrained Delegation (KCD), you will use the machine account: https://jorgequestforknowledge.wordpress.com/2014/12/07/web-application-proxy-with-kerberos-constrained-delegation-kcd/
OK, now I am confused. I know Windows 2012 can use claims and supports computer account attributes. Our domain is Windows 2008 R2 though. I saw Mahesh's post, which stated that it is not supported, and others say it is.

Can a server that is in the DMZ use ADFS to authenticate its computer account in AD internally?
Our domain is Windows 2008 R2 - not supported. Server 2012 and newer with Windows 8 and newer clients: supported. FFL/DFL must be 2012+.
What do you mean by FFL/DFL? It sounds like, with my domain controller running 2008 R2 and only some of the affected servers running 2012 R2, I will not be able to do this, correct?
ASKER CERTIFIED SOLUTION
Avatar of David Johnson, CD
David Johnson, CD

Thank you for your guidance...
I thought I already mentioned this, that it is in Win2012 and Win8 ... I am taken aback by the acceptance.
Computer account can probably be supported but specific to implementation and support by server/client build (Win2012 and Win8).