Here you go.

https://community.cisco.com/t5/identity-services-engine-ise/migration-from-standalone-to-fully-distributed-deployment/td-p/3539662

One small note for  folks using ISE Traditional Licensing- if you are adding another PAN to the deployment, then you will need to re-create your license on software.cisco.com licensing portal again, because the current license will only have the UDI of the single PAN. 

 

Normally when you build a distributed PAN deployment you add both servers' UDI details into the license generator, and then install that in the PAN.   The PAN copies that file to the Secondary PAN too.

if you're using Smart Licensing then this is not an issue because it's all automagically handled :)

The steps you will plan for.

1. Deploy the new VM's or appliances with the same version as the current node(s).
2. Run the setup script from the console, assigning addressing, DNS, hostnames etc. Make sure DNS forward and reverse entries are created.
3. Install the same patch as the PAN node, not every patch installed, just the most recent as indicated on the Admin node. Patches are cumulative, so prior ones are not needed (with the exception if you are on 2.0 or 2.1, ask if you are on either of these versions as there is an old bug).
4. Install any node certificates and trust store certificates required to install the node certs.
5. Register the new node to the deployment, and select the personas you want it to host.
6. Turn off the persona's on any previous nodes you want to have different roles (PAN/MNT). Note that the node will restart when you start changing persona's, plan for the momentary outage (10-15 minutes for a reload).

Arne's post is important if you are adding a new Admin node.