We plan to integrate DEV, TEST and PROD under the same Active directory. Currently they exist as completely separate networks with a separate BF server in TEST and PROD. They would be in sub Domains. We would like Bigfix to be able to separate these logically so that servers in PROD would not be aware of new tasks for TEST for example. What is the best way to achieve this?
Do you mean ONE BigFix server managing all three environments? In this case the easy approach could be to create three groups, each managing your env; then you can deploy actions per group and subscribe sites per group as well.
You can also assign group visibility to different operators.