Greetings,
I have a question regarding best practice for splitting up a Windows Server 2012 domain and I have two alternatives to choose from (or maybe you have additional solutions to this problem to suggest).
The scenario is as follows:
At the moment we have a domain with one primary DC and one read-only DC. The primary DC is located in one LAN-segment (lets call it zone 1) along with windows clients connected to it. The read-only DC is located in another LAN-segment (lets call it zone 2)that is behind a firewall, from zone 1. The clients connect to the internet from zone 1 via a RemoteApps-server in zone 2. The firewall locks down most other communication between zone 1 and 2 but allows some traffic.
We are now thinking about creating two domains instead to be able to lock down the segments even more, that is, to allow less communication through the firewall between zone 1 and 2, only allowing RemoteApp connections.
My questions are as follows:
1. When separating two DCs from each other to create two domains, what are the recommended procedures for doing this?
2. One solution that has been under discussion is to do this: (a) close the ports in the firewall; (b) promote the read-only DC (in zone 2) to primary DC; (c) carry on from there. This will give us two domains with the same name, one (in zone 2) containing a DC and a RemoteApp server and the other (in zone 1) containing a DC and users controlled by GPO. The domains will have the same name and the DCs will not be able to connect to each other. What are the implications of this? Is it safe, and is this a recommended procedure?
3. The other solution discussed is to demote the read-only DC and then create a new domain from scratch on that segment. Alternatively, leave the RemoteApp server in zone 2 out of any domain completely. What are the implications of each of these options? Would either be a recommended procedure?
So, I hope it's pretty clear what we are trying to do. I would appreciate any feedback and answers regarding the above, as well as alternative solutions with a security focus.
Regards
Gunnar
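The third option in the post (demote the read-only DC, then build a fresh domain in zone 2) is the one that maps onto documented tooling, so here is what the two halves look like in PowerShell on Windows Server 2012. This is an added example and not part of the original post; the domain names corp.example (the existing zone 1 domain) and zone2.example (the new, unrelated forest), the NetBIOS name ZONE2 and the use of Read-Host for the passwords are assumptions made for illustration. Run the first part on the zone 2 RODC while it can still reach the zone 1 DC, reboot, then run the second part on the same box once the firewall has been closed.

```powershell
# Added example (not from the original post). Assumed names: corp.example is the
# existing domain, zone2.example / ZONE2 is the new forest to be created in zone 2.
Import-Module ADDSDeployment

# --- Part 1: on the zone 2 read-only DC, while the firewall still permits AD traffic ---

# Dry run first: this checks prerequisites without changing anything.
$localAdminPw = Read-Host -AsSecureString 'New local Administrator password for this server'
Test-ADDSDomainControllerUninstallation -LocalAdministratorPassword $localAdminPw

# A normal (not forced) demotion removes the RODC cleanly from corp.example so no
# stale metadata for it is left behind on the zone 1 DC.
Uninstall-ADDSDomainController -LocalAdministratorPassword $localAdminPw -Force

# --- Verification on the zone 1 DC after the reboot of the former RODC ---
# The only remaining DC should be the one in zone 1 and it should not be read-only.
Get-ADDomainController -Filter * |
    Select-Object Name, Domain, IsReadOnly, OperationMasterRoles

# --- Part 2: on the former RODC, now a standalone server, after the firewall is locked down ---
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

$dsrmPw = Read-Host -AsSecureString 'Directory Services Restore Mode password'
Install-ADDSForest `
    -DomainName 'zone2.example' `
    -DomainNetbiosName 'ZONE2' `
    -SafeModeAdministratorPassword $dsrmPw `
    -InstallDns `
    -Force

# After the reboot, confirm the new forest has no trust to corp.example:
# Get-ADTrust -Filter *   (should return nothing)
```

A different DNS name and NetBIOS name for the new forest avoids the name collision that option 2 in the post would create, and the RemoteApp server in zone 2 can then be joined to zone2.example with Add-Computer while the firewall is reduced to the RemoteApp ports only. If the RODC is demoted while it can no longer reach the zone 1 DC, Uninstall-ADDSDomainController has to be run with -ForceRemoval, and the leftover computer and NTDS objects for it must then be cleaned up on the zone 1 DC by hand.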