How to organize DHCP in a domain by building?
Good afternoon. The situation: a large organization, several buildings, about 1000 machines, and no organization at all - local administrators on every machine, maintenance on foot and so on.
OS on all PCs - Win XP (a few leftovers), Win7 Pro, Win10 Pro
IP addresses for this horde are assigned manually.
Servers have now been bought, one per building. Windows Server with AD, DHCP and so on will be deployed on them.
The network infrastructure looks like this: somewhere smart Cisco, somewhere D-Link feeding into them.
The task is to use the server in each building to set up centralized management with address distribution via DHCP and remote management.
I understand how to do this in one broadcast domain for 50-100 machines. But what is needed is:
1) Within the building, set up automatic DHCP address assignment on all PCs with IP address reservation.
2) Be able to split the ranges by cabinets (offices) or groups of cabinets - not all PCs in a building can be pushed into one network. In that case the DHCP server would have two interfaces. Can VLANs be used?
Routing between cabinets (subnets) is not always needed.
3) Be able to connect remotely to a PC in the domain. I see it like this: on a call, log in to the server, look up the cabinet's IP in the DHCP snap-in and connect by IP.
4) Be able to install the OS + software remotely. A PXE server is needed, and it seems there was some tool from Microsoft that can neatly install the OS over the network, getting an address from a free range.
5) Software that displays the IP and other identifying data on the desktop so that users can read them out to identify a PC. Here I'm just asking for advice on what to use.
6) Accounting of user traffic, including HTTPS - what to use, and above all where: on network equipment or on a server, an Ubuntu virtual machine or a Windows server?
It was planned to use Windows Server as the router for all this, which then forwards everything to the Cisco L3 building switches.
I ask for the help of more experienced colleagues, since I myself have never organized networks of this scale - how and what is best to do on these points, and with what software tools?
There is no money for third-party software, apart from Windows Server.
There are several such buildings; we plan to organize everything the same way everywhere.
The goal is complete control and management of user PCs remotely from one point.
The hardest part, as I see it, is how to distribute DHCP addresses and split them up.
PS Tell me - how can you protect yourself from PCs not registered in DHCP (say Vasya brought his PC, plugged it into the network and is downloading something bad)?
0) Read up on DHCP snooping and DHCP relay.
1) Configure all of that on the switches.
2) If possible, spread things across subnets and VLANs.
3) Throw the switches that don't support this into the trash.
4) Set up primary and backup DHCP servers with a shared lease database.
5) Well, then on down your list. Read:
xgu.ru/wiki/DHCP_snooping
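One way to do the Windows Server side of points 2) and 4) above: one DHCP scope per cabinet VLAN, a reservation per known PC, and a primary/backup pair sharing the lease database via DHCP failover. This is an added example, not code from the thread; the server names, subnets and MAC addresses are constructed placeholders, and the Cisco L3 switch is assumed to relay each VLAN's DHCP broadcasts to this server (ip helper-address).

```powershell
# Added example, not from the thread. Per-cabinet scopes on a Windows Server DHCP
# server: one scope per VLAN/subnet, with the Cisco L3 switch relaying each VLAN's
# DHCP broadcasts to this server (ip helper-address). All names, subnets and MACs
# below are constructed placeholders.
$Primary = 'DHCP-BLDG1'      # assumed: this building's DHCP server
$Partner = 'DHCP-BLDG2'      # assumed: failover partner in another building
$Dns     = '10.10.1.10'      # assumed: AD-integrated DNS server

# One entry per cabinet (or group of cabinets) = one VLAN = one /24
$Cabinets = @(
    @{ Name = 'Cab-101'; Net = '10.10.101'; Vlan = 101 },
    @{ Name = 'Cab-102'; Net = '10.10.102'; Vlan = 102 }
)

foreach ($c in $Cabinets) {
    $scopeId = "$($c.Net).0"
    Add-DhcpServerv4Scope -ComputerName $Primary -Name "$($c.Name) VLAN$($c.Vlan)" `
        -StartRange "$($c.Net).50" -EndRange "$($c.Net).250" `
        -SubnetMask 255.255.255.0 -LeaseDuration '1.00:00:00' -State Active
    # .1 is the VLAN interface on the L3 switch that relays DHCP for this subnet
    Set-DhcpServerv4OptionValue -ComputerName $Primary -ScopeId $scopeId `
        -Router "$($c.Net).1" -DnsServer $Dns
    # .1-.49 stay out of the pool for switches, printers and other fixed gear
    Add-DhcpServerv4ExclusionRange -ComputerName $Primary -ScopeId $scopeId `
        -StartRange "$($c.Net).1" -EndRange "$($c.Net).49"
}

# Reservations: a known PC always gets the same address (constructed MACs)
$Reservations = @(
    @{ Scope = '10.10.101.0'; Ip = '10.10.101.60'; Mac = '00-11-22-33-44-55'; Host = 'pc-101-01' },
    @{ Scope = '10.10.102.0'; Ip = '10.10.102.60'; Mac = '00-11-22-33-44-66'; Host = 'pc-102-01' }
)
foreach ($r in $Reservations) {
    Add-DhcpServerv4Reservation -ComputerName $Primary -ScopeId $r.Scope `
        -IPAddress $r.Ip -ClientId $r.Mac -Name $r.Host
}

# Primary + backup with a shared lease database: DHCP failover in hot-standby mode.
# Leases for all scopes replicate to the partner, which takes over if this server dies.
Add-DhcpServerv4Failover -ComputerName $Primary -Name 'Bldg1-to-Bldg2' `
    -PartnerServer $Partner -ServerRole Active -ReservePercent 5 `
    -ScopeId ($Cabinets | ForEach-Object { "$($_.Net).0" }) `
    -AutoStateTransition $true -StateSwitchInterval '0:10:00' `
    -SharedSecret 'CHANGE-ME-placeholder'
```

Reservations only pin addresses for machines you already know; they are not access control, so keep the DHCP snooping on the switches from point 0) as the actual guard against rogue DHCP servers and clients.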
> I ask for the help of more experienced colleagues, since I myself have never organized networks of this scale - how and what is better to do on these points, with what software tools
To begin with, draw up a proper technical specification (TZ), then an estimate, and then proceed with the implementation or hire contractors.
> how can you protect yourself from PCs not registered in DHCP (let's say Vasya brought his PC, plugged it into the network and downloads something bad)
The job of DHCP is to hand out addresses; if someone connected a computer to the network, it must give it an address. That's normal.
> Within the building, set up automatic DHCP acquisition on all PCs with IP address reservation.
Just turn on DHCP and set an address reservation for the specific MAC address.
> To be able to delimit the ranges according to cabinets, groups of cabinets - not all PCs in a building can be shoved into one network.
VLANs to the rescue.
> Be able to connect remotely to a PC in the domain
RDP
> Be able to remotely install OS + software. Need a PXE server
PXE is a program hard-wired into the computer (firmware) that allows booting over the network. It is by no means a server.
> there was some kind of tool from Microsoft that can beautifully install the OS over the network
AIK
> Software that displays IP and other identification data on the desktop to identify a PC
Right-click on My Computer - you can see the computer's name there. Why do you need an IP?
> Accounting for user traffic.
Yes, on anything; there is software in bulk, you need to choose for the task, and for that you need a technical specification. Without one - look in the router's logs.
> It was planned to use Windows Server as a router for all this
Bold idea. No, Windows does of course have routing services and they work quite well, but building a large network's router on Windows is certainly something - we wish you luck.
> The most difficult thing I see is how to distribute DHCP addresses and share them.
This is exactly what any schoolboy will do in half an hour with a cheap SOHO router bought in the nearest supermarket.
I've dashed off a whole TZ the size of a good sheet )))) All that's left is to find someone, pay him, and he will come and set everything up. For such a long list of tasks, such things are not done for free.
VLANs, inter-VLAN routing, DHCP relay, DHCP snooping... plus monitoring of the infrastructure and servers - Zabbix or similar.
Yes, my friend, you've taken on quite a problem.
- To begin with, throw out, completely, all the D-Links, because such junk is not kosher.
- Cut the network into large pieces (/24 mask, /25 at the most), per campus, even if there are 10 people on the floor/building;
- Buy a MikroTik for the core, ideally a CCR1036; a CRS326 will also do for the second tier (buying a 1xx-2xx is not worth it because it is outdated);
- Hand DHCP entirely to the MikroTik in the core, uplink - DHCP server. It will "make friends" fine with DNS on Windows Server; the main thing is to allow dynamic updates;
- Forget about VLANs, as I understood it is a peer-to-peer network;
- Remote control is best organized through Radmin (if there's no money, there is plenty of cracked stuff on the net, but it's worth buying a dozen licenses to clear your conscience); connect by domain name, not by IP;
- PXE - read up on WDS (Windows Deployment Services);
- Accounting of user traffic - is there any point? It is much easier to set up queues and play with routing if you have several providers. If you want to "close" VKontakte and the like, read up on MikroTik layer 7 HTTPS matching, but it's better to do this on a separate box, it eats the processor very well;
- You can protect yourself from connections not registered in DHCP by simply binding to the MAC address, but then the whole point of DHCP is lost. Otherwise it's too big a topic with many solutions.
PS Unreasonable savings never led to anything good.
I would recommend hiring a contractor.
Get it faster and, in the end, cheaper.
If you have the necessary knowledge, then one person can do it in a month or two (depending on specific tasks).
In addition, in the process you can "gather" the missing knowledge, which is also worth a lot.
Or follow the advice of colleagues. Although without knowledge it will be difficult even to choose a particular solution, and even harder to implement it.
From practice, I can say that 1000 hosts in one broadcast domain is also not a problem (there was experience). It all depends on desire and skill.
And now, questions:
1. Why do you need reservations?
2. What is the purpose of separating IPs by cabinets?
3. RDP by the computer name or by the IP reported by the user - what doesn't suit you about that?
4. What volumes of OS/software are we dealing with? AD can install software remotely; MS has a deployment service.
5. BgInfo from Mark Russinovich is quite suitable. (this is not a question at all)
6. For accounting and traffic control there are proxy servers. MS has discontinued its product. Again, questions: what communication channels, what levels of control?
You can protect the local network from third-party devices using a RADIUS server. There is a built-in role in MS Server.
In general, if you want a properly configured and working solution, invite specialists. If you want to do everything yourself, get the knowledge.