Multiple CA on same domain

We're about to deploy a new two-tier Windows PKI in domain which already has a 1-tier Enterprise CA and wonder of possible impacts on the current configurations.

Devices and Users are auto-enrolling with the current CA through GPO and what can be the impact of the new CA ? How will the users get the certificate from the old or the new CA selectively? Is it just managed by the template's security settings, which by default allow authenticated users/devices to enroll?

What sort of impact can we expect ?

thanks