I have inherited a network that is using SBS 2011 as the domain controller. We have several member servers on this domain. I have a new application coming in that will require 2 new servers that have to be domain-joined (not workgroup servers). However, the intent is to make these servers as independent as possible, as this part of our company might break off into its own independent company in the near future.

I have a Watchguard XTM515 firewall. My plan is to connect these 2 new servers on a new IP subnet to a port on this firewall. I will block all communication from all of my domain servers (on my primary domain) to this new port/subnet. That way I can set up a new Active Directory domain on this subnet that won't be seen by the SBS 2011 domain controller. The few devices on my current primary subnet that will need access to the new servers will only do so by Remote Desktop connection (via IP address, since there will be no DNS resolution available to this subnet).
Does this setup plan make sense? Are there any flaws or issues that I am overlooking before I start this process?
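As an added example (not part of the original question), the following PowerShell script is what I would run on one of the two new servers once the Watchguard rule is in place: it checks that the AD-related ports on the old SBS 2011 DC really are unreachable from the isolated subnet, warns if the DNS client still lists the old DC, and scopes inbound RDP on the new host to the handful of admin PCs on the primary subnet so the design does not depend on the edge firewall alone. The addresses (old DC 192.168.1.10, admin PCs 192.168.1.20 and .21) are placeholders, and it assumes the new servers run Windows Server 2012 R2 or later, where Test-NetConnection and the NetSecurity cmdlets exist.

```powershell
# Added example, not from the original post. Assumed addressing (placeholders):
#   old SBS 2011 DC:        192.168.1.10   (primary subnet)
#   new isolated subnet:    10.10.10.0/24  (the two new domain-joined servers)
#   RDP-allowed admin PCs:  192.168.1.20, 192.168.1.21
# Run from an elevated prompt on one of the new servers (Server 2012 R2+ assumed).

$OldDc      = '192.168.1.10'
$AdminHosts = @('192.168.1.20', '192.168.1.21')

# 1. Confirm the Watchguard rule blocks the AD-related ports toward the old DC.
#    Every line should read "blocked"; a REACHABLE port means a misconfigured
#    client on this subnet could still locate and talk to the old domain.
$AdPorts = @(
    @{ Port = 53;   Name = 'DNS' },
    @{ Port = 88;   Name = 'Kerberos' },
    @{ Port = 135;  Name = 'RPC endpoint mapper' },
    @{ Port = 389;  Name = 'LDAP' },
    @{ Port = 445;  Name = 'SMB/SYSVOL' },
    @{ Port = 636;  Name = 'LDAPS' },
    @{ Port = 3268; Name = 'Global Catalog' }
)
foreach ($p in $AdPorts) {
    $r = Test-NetConnection -ComputerName $OldDc -Port $p.Port -WarningAction SilentlyContinue
    $state = if ($r.TcpTestSucceeded) { 'REACHABLE (isolation broken)' } else { 'blocked' }
    "{0,-22} tcp/{1,-5} {2}" -f $p.Name, $p.Port, $state
}

# 2. The new servers' DNS client must point only at the new domain's DNS server,
#    never at the SBS box; otherwise name resolution leaks across the boundary.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses -contains $OldDc } |
    ForEach-Object { "WARNING: interface '$($_.InterfaceAlias)' still lists $OldDc as a DNS server" }

# 3. Defence in depth: even if the Watchguard rule is loosened later, only the
#    listed admin PCs may reach RDP on this host. Disable the built-in any-source
#    Remote Desktop allow rules and add one rule scoped to those addresses.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
    Disable-NetFirewallRule
New-NetFirewallRule -DisplayName 'RDP from primary-subnet admin PCs only' `
    -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -RemoteAddress $AdminHosts -Action Allow -Profile Domain,Private
```

Run step 3 from the server console or from one of the addresses in $AdminHosts; running it over an RDP session from any other source will drop that session the moment the built-in rules are disabled. The port checks in step 1 are also worth repeating from a server on the primary subnet toward the new subnet, since the question's rule is written in that direction.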