Moved to ePO for better support - Moderator
We have been through a similar process over the past year.
We have standardised our Endpoint Policies and managed to get them down to about 10. Most of the extra policies are in the VirusScan Low risk process group, but where possible we have decided to maintain one set of policies.
We currently AD sync 5 domains, all at the root, excluding any 'empty OUs', and this keeps our system tree pretty tidy.
If your AD is well organised logically, it helps when delegating permission sets.
McAfee Certified Product Specialist - ePO