Hi Michelle,
I haven't tried this with my ArcGIS Server REST endpoints, but for several other directories, it is often possible to catch the authentication upstream at the web server. I've only done this myself with Apache httpd and Nginx web servers; from your question I infer that you might be using MS IIS web server and Active Directory authentication, which I've not configured in this way.
In terms of tracking down relevant documentation, I believe that the suggestion was actually to create a Reverse Proxy. In that case, your users navigate to a URI somewhere in a directory path under, say, http://sonomacounty.ca.gov/ and all requests that the web server receives at, say /coolmap/services would be forwarded to a specific server and port like http://gis1:6080/arcgis/rest/services, and all responses from your ArcGIS Server instance would be returned to the requestor appearing to come from http://sonomacounty.ca.gov/coolmap/services
If you're using IIS and being asked to set up a reverse proxy, your web content administrator may have useful knowledge about how to set that up and then secure the /coolmap/services path using Active Directory authentication. To keep the services secured, you could even configure ArcGIS Server to only accept non-administrative connections that are forwarded from the web server acting as reverse proxy, so that only the (secured) front door is open, and people can't just paste a URL direct to your "gis1" server.
-=Brian Quinn