
We have two completely separate forests with no trusts between them.

I can map a drive on my computer to a server in the other forest by using the 'Connect using different credentials' option in 'Map Network Drive' (which gives a user/pass prompt) and this works fine.

However, we now want to automatically map this drive on a number of user PCs without having to go to each one and map it individually or giving them the password to be able to map it themselves.

We usually use GPO to map drives within our domain (User Config -> Prefs -> Windows Settings -> Drive Maps) and use item level targeting pointed to a group.

Our initial research suggested that we could use users from the second domain and enter in the 'connect as' credentials in the GPO so we could target a group and map the drive as a specific user.

However, upon trying this we discovered that this behaviour has been deprecated due to security concerns of holding that info in AD.

Other ways of mapping using logon scripts (either net use or PSDrive) involving network shares don't seem secure in this case, as the examples I've seen all have the credentials in the script.

tl;dr

We need a way to automatically map drives between two separate forests (i.e. using user credentials from the 2nd in the 1st) that doesn't expose the user/pass to the domain user - applying this to members of a group in the 1st domain - saving us from visiting every user's PC that needs this location mapped.

Added info:
Using SMB as NFS was buggy as heck when we first tried that
Server in 2nd domain with share is 2012 R2
Clients in 1st domain are either Windows 7/10

Smock
You could certainly use the `net use` command in a logon script to do this. It won't expose the password directly to the user, but the password will be in the logon script. – joeqwerty Apr 29 '19 at 11:44

0 Answers