PEAP and EAP-TLS on Server 2008 and Cisco WLC

Thank you Rene for the explanation, it’s very helpful.
I’m trying to implement your examlpe, I’ve created a test lab, I’ve installed a windows server 2008 R2 on a VMare and I want to use a new AD from the server 2008 (not the existing from the production architecture), then I have 2 questions:

1- As the server is on a VMare what precautions should I take, to isolate my test LAB to don’t disturb the production installation?
2- for the test I’ll install the AD and DNS (all your steps) but when I want to migrate to the existing AD and DNS how can I proceed? sould I remove AD and DNS from the server 2008, is it sufficient ?