If you are new to PAM like me, this may help you.
It is exactly the same thing Christo.1 mentioned but with steps.
You first need to create a Device to represent your Windows 2016 server.
Give it a meaningful name and select the best matching Operating System if there is no exact match.
Select "Access" in the Device Type. (If you want to manage the password then select "Password Management" as well)
Enter the IP address.
Click "Save and Add Target Applications".
Create an Application called Windows2016-RDP
At the Host Name you should be able to select the device you registered above.
Device Name would auto-populate.
At the Application Name enter "Windows2016-RDP"
At the "Application Type", if this server joined windows domain then you can select "Windows Domain Service".
If it has not joined a Windows Domain and if you have Windows Proxy server managing the user accounts/password on this machine then you can select "Windows Proxy".
If this server has not joined Windows Domain and you do not have Windows Proxy then just select "Generic".
For your testing, I would just say select "Generic". Explore the others in the future.
Click "Save"
If you are using PAM 2.8.3, you would see "Go to Accounts List" link at the upper left corner.
If not, just look for "Policy - Manage Passwords - Target - Accounts"
If you are on PAM 3.x.x then the menu would be different but look for "Target Accounts".
If you have selected "Generic"
This is an object representing the user account on the target device.
Click "Add" to create.
You should be able to lookup and select the hostname you created above.
You should be able to lookup and select the application you created above.
At the "Account Name" enter the local username such as "Administrator"
Enter the user password at "Password" field.
Click "Save"
Go back to the Device tab and select the previously created device.
At the Access Method, click Add
Now goto Policy and select your PAM username and the target device you created and click "Create Policy"
At the Access, click "Add" and and select "RDP". Here you will see and empty field at the right hand side, click on that empty field and you will see the user account you created.
If you want auto-login, you can select this user.
If you want the user to manually enter their credentials then you do not need to link the user account.
Click Save.
Goto "Access" tab and you should be able to see the registered target device.
It is general practice to click "Restart Session" before trying any new device.
Next to the target device you would see the "RDP" button next to it.
If you click on it, you will be connecting to that device.