How would you architect and secure a Windows Server 2025 environment with Active Directory, DNS, Group Policy, and PKI?