There is an enterprise requirement that any account in AD must have the password reset and service accounts (like the one in question) are changed on a regular schedule via CyberArk. My coworker and I had some reservations about this as there are multiple applications (Service Desk, Service Catalog, Process Automation, Unified Self Service, CABI...) and locations within each app to change the password so we attempted a test run in our test environment. It went about as good as we expected as we have had some issues with trying to keep the AD account from locking due to apps throwing bad passwords faster than we can change them and certain apps being unable to connect even after all changes have been made. I feel like there might be somewhere that during the original installation that one of the apps is hard set in the background with the original password or the config files that need to be changed are not specified and buried in folders that are never accessed.
Please be aware that as we identify big issues we are opening cases with CA Support but any information, to include sharing experiences while trying to do something similar, would help.