I've got a customer that has several sites across the US and their CA is in a site that will soon be going away. I've moved the AD roles to a DC in another state but we're left with the CA in the soon to be closed location. From what they have told me one cert is being used for file encryption and another for servers and computers to establish trust with the DC's. There are other certs that they are checking on to see what they're actually doing. I've done some research and really haven't found a clear path as to what's the best way to migrate/move this. Some say you must have the same hostname etc. That's not possible as it's moving to an existing DC/GC. I thought about trying to create a CA subordinate on the other DC. I also have read that you should be able to migrate the store and as long as you use the same CA name it shoudl work. I've also got to make the decision as to whether this can be done during production or if it needs to be schedule for their one maintenance window they have each month.