Having reviewed this answer, I'm still left with quesstions..Securing the Domain Administrator account, (Q_22094429)
Do processes that have been set up previously under the Domain Admin account "break" if you change the password? (I'm guessing yes!)
If so, surely it's impossible to "Audit" all instances of the Administrators account being used, should one need to secure the account at short notice.
I need to change the password for the Domain Administrator and create a new "Support" password. (i.e It's not possible for me to have my users "forget" the existing password.)
If it was possible to change the password, without effecting any of the day to day processes, then that would be perfect. I would also need to "lock" the Domain Admin password to ensure my Support users couldn't reset it.