Actually, especially since you have 16 DCs, the best-practice approach would be to use a DC Profile. Create a System Profile for your DCs, using the method above as described by @mperrin. Then you could actually do an autolearn and automatically add them via a create rule, based on their system name or IPs, presuming you have naming standards in place for server roles.
To answer the question "do all DCs need to be added as data sources?": in my experience, yes. Mainly because of security group changes. Events for changes to a security group remain on the DC they were made on. They do not get transferred to the PDC. We alert on changes to high-access groups such as Domain Admins, Enterprise Admins, etc. Those events can come from anywhere. You'll also want to be able to see all authentications on all of your DCs.
In addition, I have set up correlations and alerts to notify the SOC that a DC has been promoted or demoted. These two Signatures, 43-263051370 and 43-263051410, show that a server object is added to or removed from AD Sites and Services (where the server object sets up connections to other DCs for AD replication). My two correlations, "server added" and "server removed", each look for that Signature ID along with "CommandID (In) [server]". I then alert on that correlation signature ID when it is triggered, and it gets emailed to the SOC. Works great. Sometimes the domain admins forget to tell us when they make changes to domain controllers.
You can either create the Data Sources manually using the instructions provided, or you can import them from a CSV file to mass import the systems. The easiest way to do this is to create one, then export from the Receiver's Data Source tab, then add the new devices to that CSV and import it back in. The two things to remember when importing are that column "A" is for "add, remove, or change" and column "B" is for the Receiver's "Device ID" - make sure to change the field to "Text", then copy and paste from the "Name and Description" page of the Receiver Properties.
Yes, you should have all of your DCs in the SIEM.
If you really want to be secure / be able to meet your compliance requirements (SOX, PCI, COBIT, ISO 27001/27002, GLBA, etc.), you will have logs from all of your servers in the SIEM: DCs, member servers, workgroup servers, Linux/Unix/AIX servers, etc.
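
An added example, not part of any reply in this thread: the point made above, that a privileged-group change is logged only on the DC where it was made, run as detection logic over constructed events. Hostnames, accounts and the `coverage_report` helper are hypothetical; the event IDs and field names are those of the Windows Security group-membership events.

```python
# Added example. Hostnames, accounts and events below are constructed.
from collections import namedtuple

# Windows Security event IDs: member added/removed, security-enabled group.
GROUP_CHANGE_IDS = {
    4728: "added (global)", 4729: "removed (global)",
    4732: "added (local)", 4733: "removed (local)",
    4756: "added (universal)", 4757: "removed (universal)",
}
# Groups named in the thread; extend to match your environment (assumption).
WATCHED_GROUPS = {"domain admins", "enterprise admins"}

# Constructed events, one dict per record, tagged with the DC that logged it.
SAMPLE_EVENTS = [
    {"dc": "DC01", "EventID": 4624, "TargetUserName": "jdoe"},
    {"dc": "DC07", "EventID": 4728, "TargetUserName": "Domain Admins",
     "MemberName": "CN=tmp-svc,OU=Svc,DC=example,DC=test", "SubjectUserName": "jdoe"},
    {"dc": "DC03", "EventID": 4732, "TargetUserName": "Helpdesk-L1",
     "MemberName": "CN=asmith,OU=Staff,DC=example,DC=test", "SubjectUserName": "bwong"},
    {"dc": "DC12", "EventID": 4756, "TargetUserName": "Enterprise Admins",
     "MemberName": "CN=bwong,OU=Staff,DC=example,DC=test", "SubjectUserName": "bwong"},
    {"dc": "DC01", "EventID": 4729, "TargetUserName": "Domain Admins",
     "MemberName": "CN=old-admin,OU=Staff,DC=example,DC=test", "SubjectUserName": "jdoe"},
]

Alert = namedtuple("Alert", "dc action group member changed_by")

def privileged_group_changes(events, watched=WATCHED_GROUPS):
    """Return one Alert per membership change to a watched group."""
    alerts = []
    for ev in events:
        action = GROUP_CHANGE_IDS.get(ev["EventID"])
        group = ev.get("TargetUserName", "")
        if action and group.lower() in watched:
            alerts.append(Alert(ev["dc"].lower(), action, group,
                                ev.get("MemberName", "-"), ev.get("SubjectUserName", "-")))
    return alerts

def coverage_report(events, onboarded_dcs):
    """Split alerts into those the SIEM would see and those it would miss."""
    onboarded = {d.lower() for d in onboarded_dcs}
    alerts = privileged_group_changes(events)
    seen = [a for a in alerts if a.dc in onboarded]
    missed = [a for a in alerts if a.dc not in onboarded]
    return seen, missed

if __name__ == "__main__":
    seen, missed = coverage_report(SAMPLE_EVENTS, ["DC01"])  # only the PDC onboarded
    for a in missed:
        print(f"MISSED on {a.dc}: {a.member} {a.action} {a.group} by {a.changed_by}")
```

With only DC01 onboarded, the two additions to Domain Admins and Enterprise Admins made on DC07 and DC12 never reach the SIEM; with every DC onboarded, nothing is missed.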