You absolutely can set up a domain controller in that manner if you already have S2S VPN or ExpressRoute connectivity to the vnet which you intend to deploy the Azure Domain Controller into.
A good place to start is here: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/identity/adds-extend-domain, with the manageability considerations being especially important.
Regarding question 2: You'd have to create a new site, ensure that your users have visibility to it from a network perspective and that DNS SRV records are created for the new site. One thing to consider is where the PDC is and how you'd move that around in the event of a localized issue with the current PDC.
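As an added illustration of the steps in this answer (not code from the original post), the following PowerShell, run from a machine with the ActiveDirectory module and Domain Admin rights, creates the new AD site, binds the Azure vnet subnet to it, moves the Azure DC into that site, verifies the site-specific SRV records, and shows where the PDC emulator role lives. The site name, subnet, DC host names and domain name are placeholders you would replace with your own.

```powershell
Import-Module ActiveDirectory

# Placeholders (assumed values, replace with your own):
$SiteName   = 'Azure-WestEurope'
$VnetSubnet = '10.20.0.0/24'          # the vnet subnet the Azure DC sits in
$AzureDc    = 'AZ-DC01'               # hostname of the new domain controller
$Domain     = (Get-ADDomain).DNSRoot  # e.g. corp.example.com

# 1. Create the site and tie the Azure subnet to it so clients in that
#    subnet are steered to the Azure DC by the DC locator.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$SiteName'")) {
    New-ADReplicationSite -Name $SiteName
}
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$VnetSubnet'")) {
    New-ADReplicationSubnet -Name $VnetSubnet -Site $SiteName
}

# 2. Place the Azure DC in the new site (it is created in the site that
#    matched its IP at promotion time, which may be the wrong one).
Move-ADDirectoryServer -Identity $AzureDc -Site $SiteName

# 3. Check that the site-specific SRV records exist. The Netlogon service
#    registers them; if the query is empty, restart Netlogon on the DC
#    (Restart-Service Netlogon) and re-check after DNS replication.
$srvName = "_ldap._tcp.$SiteName._sites.dc._msdcs.$Domain"
$srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue
if ($srv) {
    $srv | Where-Object Type -eq 'SRV' |
        Select-Object NameTarget, Port, Priority, Weight
} else {
    Write-Warning "No SRV records yet for site $SiteName ($srvName)"
}

# 4. Confirm from a client in the vnet that the locator picks the Azure DC.
nltest /dsgetdc:$Domain /site:$SiteName

# 5. Know where the PDC emulator is; move it only if you decide the Azure
#    site should own it during an outage at the current holder's site.
(Get-ADDomain).PDCEmulator
# Move-ADDirectoryServerOperationMasterRole -Identity $AzureDc `
#     -OperationMasterRole PDCEmulator -Confirm:$false
```

The PDC move is left commented out on purpose: it is a planned change, and moving it into Azure also changes which DC the domain treats as the time-sync root and the preferred target for password changes, so check the site link costs and the VPN/ExpressRoute bandwidth before deciding that the Azure site should hold it.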