best-practice dual network AEA/SOA installation

Hi all
I’m ICT manager at a Belgian company for a few years now.
They were used to another Endpoint Protection brand.
Before renewal of those licenses, I want to migrate to Avast! Endpoint Protection in our Windows Server domain. But I don’t have experice with it yet.

We have 2 networks in our company at the moment, connected with a second router.
What is the best pratice to have Avast Endpoint running centrally and still discovering all hosts in both networks?

Our current Windows Server domain is in the network “A” connected to outside. The second network “B” is connected to this network with a second router.
So on which device should I install which version (AEA or SOA) to be able to protect devices in both networks A and B?

I tried it in the domain controller (= in network A, no default access to network B) before to test out Avast SOA with domain discovering. (with generated ‘sa’ ms sql password)
As I had not much options to discover all devices (+ troubles deploying to devices in etwork B), I installed AEA to check that out. At the moment, I can’t get Avast working again in my domain controller due to ms sql ‘sa’ login issues. And I’m not willing to risk changing it’s password.

Anyway; I have a new Windows Server 2012 in the network B too.
Should I install Avast Endpoint in that one to easily reach all devices in both networks? Even if that WS2012 is not yet the domain controller (it will be later on)
Does this OS need to be in the same domain? Or can I discover any device in network A and B?

What is your best pratice advice for our 2 network-setup?
Thank you!

Kind regards