As long as the hostname does not change, it being a different AD domain shouldn't be an issue. I'd recommend doing the upgrade to vCSA on the current one, repoint to an external PSC, deploy second PSC and begin replication, then you can introduce the load balancer. For the AD domain, this should just affect authentication. Remove the old identity source, disjoin from domain, join to new one, and add new auth source as IWA.
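The identity-source swap described in the reply above, written out as a scripted, verifiable sequence. This is an added example and not something the poster supplied; it assumes the community PowerCLI module VMware.vSphere.SsoAdmin (cmdlets Connect-SsoAdminServer, Get-IdentitySource, Remove-IdentitySource, Add-ActiveDirectoryIdentitySource, Disconnect-SsoAdminServer, and their parameter names as used here), SSH shell access to the vCSA for the Likewise domainjoin-cli tool, and placeholder hostnames and domain names.

```powershell
# Added example (not from the thread). Assumptions: VMware.vSphere.SsoAdmin module
# and its cmdlet/parameter names below; domainjoin-cli at /opt/likewise/bin on the
# vCSA; all hostnames and domain names are placeholders.
param(
    [string]$VCenter   = 'vcsa.example.local',   # placeholder; must NOT change during the move
    [string]$OldDomain = 'old.example.local',    # placeholder
    [string]$NewDomain = 'new.example.local',    # placeholder
    [pscredential]$SsoCred = (Get-Credential -Message 'SSO admin, e.g. administrator@vsphere.local')
)

Import-Module VMware.vSphere.SsoAdmin -ErrorAction Stop

# 1. Record the identity sources before touching anything, so the change can be
#    reviewed afterwards and reverted if the new domain does not authenticate.
$sso = Connect-SsoAdminServer -Server $VCenter `
           -User $SsoCred.UserName `
           -Password $SsoCred.GetNetworkCredential().Password `
           -SkipCertificateCheck          # assumed switch name; drop it if the cert is trusted
$before = Get-IdentitySource -Server $sso
$before | Format-Table Name, Type, Domain -AutoSize | Out-String | Write-Verbose -Verbose

# 2. Remove only the identity source that belongs to the old AD domain.
$old = $before | Where-Object { $_.Name -ieq $OldDomain -or $_.Domain -ieq $OldDomain }
if (-not $old) { throw "No identity source for $OldDomain found; refusing to continue." }
$old | Remove-IdentitySource -Server $sso

# 3. Leave the old domain and join the new one. This happens in the appliance
#    shell, not through PowerCLI, so the commands are printed for the operator to
#    run over SSH. The vCSA needs a reboot after the join before IWA will work.
$applianceSteps = @"
/opt/likewise/bin/domainjoin-cli leave
/opt/likewise/bin/domainjoin-cli join $NewDomain <domain-join-account>
reboot
"@
Write-Host "Run on the vCSA shell, then reboot, before continuing:`n$applianceSteps"
Read-Host 'Press Enter once the appliance has rejoined and rebooted'

# 4. Add the new domain as an Integrated Windows Authentication (IWA) source.
#    -DomainAlias is the short NetBIOS-style name; parameter names are assumed.
Add-ActiveDirectoryIdentitySource -Server $sso `
    -Name $NewDomain `
    -DomainName $NewDomain `
    -DomainAlias ($NewDomain.Split('.')[0].ToUpper())

# 5. Verify the end state: old source gone, new source present, hostname unchanged.
$after = Get-IdentitySource -Server $sso
if ($after.Name -contains $OldDomain)    { throw "Old identity source $OldDomain is still present." }
if ($after.Name -notcontains $NewDomain) { throw "New identity source $NewDomain was not created." }
if ($sso.Name -ne $VCenter)              { throw "Connected to $($sso.Name), expected $VCenter." }

Disconnect-SsoAdminServer -Server $sso
Write-Host "Identity source moved from $OldDomain to $NewDomain on $VCenter."
```

Keep the SSO administrator account (administrator@vsphere.local) as the session identity throughout: it lives in the local SSO domain, so it keeps working while the AD source is absent between steps 2 and 4, and the "before" listing from step 1 is what you compare against if the new IWA source fails and you have to put the old one back.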
Thanks for the fast reply. That is helpful information. This is not something we do every day and something we don't want to fall on its face.