Migrating internal Certificate Authority to new server
I'm after some advice from anyone with experience of moving the Certificate Authority in Windows Server to a new server, as I'm about to do so on my network.
Right now I am most of the way through scrapping our RM CC3 system in favour of a vanilla Server 2008 R2/Windows 7 system. The time has almost come to switch off the last RM server; the last two things I need to do are to transfer the Operations Master role (which seems easy peasy) and the slightly more daunting task of moving the Certificate Authority.
I've read this quick guide as well as the not-so-quick Active Directory Certificate Services Migration Guide on TechNet, which frankly makes the process seem more complicated than finding the Higgs boson.
An alternate option I have seen proposed is to set up a new CA and run it in parallel with the old one while I switch all the machines that currently use certificates to the new CA. Given that 99% of the existing certificates are computer auto-enrolment certificates, this doesn't seem like a bad idea.
Has anyone here done this before and can offer any words of wisdom?