Hi,
Thank you so much for posting here.
According to this similar discussion, it would make more sense to install Certificate Services (using a backup of the CA key), Web Enrollment, restore the certificate database & registry key, and then install NDES.
As for migrating certificate service, we could refer to:
Hope the information is helpful. Thanks.
Best regards,
Hannah Xiong