VPN
ffic, 2015-08-30 15:00:27

How to raise a new infrastructure from scratch and combine three buildings of an educational institution into one network?

Good afternoon. I am a beginner system administrator. I was given a serious task: to raise a new infrastructure from scratch and combine three buildings of the educational institution into one network. We define that building A is the main one, B and C secondary. Windows Server 2008 (DC, DHCP, DNS), Windows Server 2008 (TMG 2010), Windows 2003 (Mail, Website) are now installed in the main building, and all this is on old hardware. There are currently no servers in other buildings. (New servers purchased 2 per building). Clarification of the problem: It is necessary that users of one building can log in to other buildings under the same login and password, and also have access to resources in other buildings. At the moment there is no network between the buildings, but it will be done using a VPN or with the help of a provider. Internet speed between buildings up to 100 Mbps.
In my opinion, the process of creating a new infrastructure should start from the main building. Put the network in order, think over the network topology, it is possible to configure VLANs in the network (200+ PCs), think about how VPN will be implemented, raise a new domain and forest, smoothly transfer current servers to new ones. The next step is connecting the main building to the secondary (VPN), raising a domain there, including this domain in an existing new forest, and setting up trust relationships between domains. Same thing with the third building. But management wants to do the opposite. The first step is to raise domains and new forests in buildings B and C, after rebuilding the infrastructure in the main building, raise the VPN and somehow connect all three forests into one. I doubt this approach. Will it be possible to set up a trust relationship between domains that are in different forests without hemorrhoids? What are the pros and cons of these approaches? And how will it all work? Thanks in advance for your advice!
Addition: Thanks to everyone for the answers, perhaps I did not correctly describe the situation, I'll try to clarify. The distance between the buildings is about 5-6 km (stretching something is not an option). Most likely, you will have to connect through a provider, the Internet speed for educational institutions is 100 Mbps (and most likely they will not increase). As for the authorities, they need to do everything quickly and efficiently. The technical side of the whole procedure is poorly understood.
Now about three domains and the total number of computers: in the main building we have 200 PCs, in the second about 120 and in the third about 80. The idea was that all user authorizations would take place in the buildings on local servers and not run through the Internet to the main server (at least password caching), if for example the link between the buildings would fall, then the work in the buildings would not be interrupted. You also need a single authorization for all buildings + access to data. (from here the idea to put servers in all buildings)
At the moment, there is no infrastructure in two buildings, a router and switches. Everything is there from scratch. In the main building, with the help of VLAN, they wanted to separate the administration from the students and the accounting department + reduce broadcast traffic. There are also plans to organize Wi-Fi throughout the main building for teachers and students (separate VLAN?).
The administrator, unfortunately, I am the only one in three buildings and there is no place to wait for technical assistance (but 2 enikey workers), if you invite specialists, then why should I? (the boss's logic) Let's continue, about servers, 6 new servers were purchased under the project, which were not distributed by me into buildings. If they can be distributed more intelligently, then please tell me how to do it. For me, the most important thing is the stability of this system. (About a backup DC - this is by itself) And yet, in your opinion, in this situation, is it better to put all the servers in the main building and start the infrastructure from here, or divide the server equipment into 3 buildings?


5 answer(s)
DastiX, 2015-08-30
@DastiX

He did the same in medicine.
Punch a direct link. Saves a lot of nerves. If in the same area, then the optics are unambiguous, do not even hesitate, if in different areas, then L2 through the provider.
Forget about the speed of 100Mbps, this is the last century. Make gigabit right away, it will also save your nerves and in three years you won’t have to redo it.
And, excuse me, why do you need three domains for three buildings? This is bullshit. Do you have different websites on them? Does each building have its own system administrator? Or what? What is it for?
And another question, why the hell are two servers for each building? What's on these servers? Why should they be in different buildings?
For 200+ PCs of one domain, more than enough, you make the host of the infrastructure in the main building, DNS, DHCP, there is also a backup DC on another server.
The main thing is a reliable, capacious transport infrastructure, and on it everything else is much simpler and easier to do.
If in points, then it looks like this (provided that you are in the same territory):
1. Single-mode optics for 16 fibers from the secondary buildings to the main building.
2. In the main, an optical gigabit switch of the core level.
3. In the secondary, gigabit switches of the network level, with an optical port.
4. In the main, put all the servers.
5. In the main, raise the DC, the backup DC, the file server and everything else you need.
And that's it, no hemorrhoids with forests and trust and VPN.
Forests are needed when you already have whole branches in different districts and cities, with their own policies, etc.
And on 200 computers such a fence is the height of incompetence.

Armenian Radio, 2015-08-30
@gbg

Tell your superiors that if your network is processing students' personal data, you must use strictly defined information security facilities with the correct FSTEC and FSB certificates that cost a lot of money.

Saboteur, 2015-08-30
@saboteur_kiev

It would be nice to call a non-novice administrator at least for a consultation.
If the buildings are within sight, why VPN, if you can simply combine them with ordinary links?
Simple work on the territory of the institution can be carried out. It is possible to throw even air gigabit whenever possible.

athacker, 2015-08-30
@athacker

I will support comrade DastiX about the lack of need for forests. One domain is enough for your structure.
I will also add that you set a task in the spirit: "Let's set up two servers each, make VLAN and VPN and a bunch of buzzwords!". You need to dance on requirements, not on technology. You put two servers. Fine. What will they do? What tasks to solve?
Want VLANs - that is good. For what? What do you plan to do with VLANs? What problem to solve?
Same question for VPN. You still don’t have a physical link between the buildings, and it’s not even clear how it will be implemented, but you are already thinking about VPN.

Vrata_Ada, 2018-04-30
@Vrata_Ada

I advise here View profkabinet.ru
