Microsoft
MicrosoftMCroom If you plan it correctly, your downtime should be minimal. If you're hosting the CDP and AIA locations on the online CA(s), that is a bad practice. Given the high asset value assigned to CAs, you really should not be running IIS on them. You want to minimize the attack surface. I don't know what the lifetimes of your CRLs are but one solution during the migration is to host the certs and CRLs on another server running IIS and use DNS to redirect the current URL to this new server.
I assume by wanting to add additional availability you're talking about adding CA(s) that have the same templates published? If so, then I'd probably do the migration first, then after things have settled down and you're sure things are working correctly, add the new CA(s).
For your 3rd question, yes, this is a best practice. You can change the CDP and AIA URLs by editing the registry (don't forget the root CA) but keep in mind that any existing time valid certificates will still contain the old URLs so you need to handle that to prevent outages.
