One thing you might consider with any domains in your forest is how many physical vs. virtual machines you want to have. Personally, I believe that there should be one physical machine per domain. One of the reasons I believe this is how the clocks are handled on, specifically in my case, Hyper-V machines. I cannot speak to VMware. A Hyper-V host installs a clock sync service on the guest operating systems. In a domain, all member machines are synced up to the time service from the DCs. Each domain syncs up to the forest. But on a Hyper-V guest the clock is synced up to the physical machine's clock. And if the host is a member machine, its clock is then synced up to the domain. I have found that this creates a feedback loop that allows the clock to drift. After a couple of months the time drifts to the point that there is a noticeable difference in time, and in Active Directory that is a major issue. To solve this, I set my Hyper-V hosts to sync time at a very low interval from a physical DC that holds the Flexible Single Master Operation (FSMO) role of Primary Domain Controller (PDC) in the forest root domain.
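
One way to apply the host-side setting described above, as an added example that is not the author's own script: it points a domain-joined Hyper-V host's Windows Time service at the forest root PDC emulator with a fixed poll interval, then lists which guests take their time from the host. The 900-second interval is an assumption (the text only says "very low interval"), and the script does not check that the PDC emulator is a physical machine.

```powershell
#Requires -RunAsAdministrator
# Added example: run on a domain-joined Hyper-V host.
# Assumption: 900 s poll interval; the post only says "a very low interval".
$PollSeconds = 900

# Find the PDC emulator of the forest root domain through .NET (no RSAT module needed).
$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$pdc    = $forest.RootDomain.PdcRoleOwner.Name
Write-Host "Forest root PDC emulator: $pdc"

# SpecialPollInterval (seconds) is only honoured for peers listed with flag 0x1.
$ntpClient = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient'
Set-ItemProperty -Path $ntpClient -Name SpecialPollInterval -Value $PollSeconds -Type DWord

# Switch the host from domain-hierarchy sync to an explicit peer: the root PDC emulator.
& w32tm.exe /config "/manualpeerlist:$pdc,0x1" /syncfromflags:manual /update
if ($LASTEXITCODE -ne 0) { throw "w32tm /config failed with exit code $LASTEXITCODE" }
& w32tm.exe /resync /rediscover

# Verify that the service now reports the PDC emulator as its source.
$source = (& w32tm.exe /query /source | Out-String).Trim()
if ($source -notlike "$pdc*") {
    Write-Warning "Time source is '$source', expected '$pdc'. Check NTP (UDP 123) reachability."
}
& w32tm.exe /query /status

# Read-only report: guests with the Hyper-V 'Time Synchronization' integration
# service enabled follow this host's clock, so they inherit whatever the host does.
if (Get-Command Get-VM -ErrorAction SilentlyContinue) {
    Get-VM | Get-VMIntegrationService -Name 'Time Synchronization' |
        Select-Object VMName, Enabled, PrimaryStatusDescription |
        Format-Table -AutoSize
}
```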