There is an enterprise requirement that any account in AD must have the password reset and service accounts (like the one in question) are changed on a regular schedule via CyberArk. My coworker and I had some reservations about this as there are multiple applications (Service Desk, Service Catalog, Process Automation, Unified Self Service, CABI...) and locations within each app to change the password so we attempted a test run in our test environment. It went about as good as we expected as we have had some issues with trying to keep the AD account from locking due to apps throwing bad passwords faster than we can change them and certain apps being unable to connect even after all changes have been made. I feel like there might be somewhere that during the original installation that one of the apps is hard set in the background with the original password or the config files that need to be changed are not specified and buried in folders that are never accessed.
Please be aware that as we identify big issues we are opening cases with CA Support but any information, to include sharing experiences while trying to do something similar, would help.
I know for Service Desk, you basically have to just run pdm_configure to update the passwords. However, for other applications such as Process Automation, it requires you to do a "reinstall" (as a reconfiguration) which you change the password there for the pamadmin user etc. Your best bet would be to open a support case for each product specifically so that the appropriate team can get you the right answer for each application.
Hope this helps,
Thank you Jon. I wish there was a simpler way to get the info rather than opening a case for each application but there may be some other hurdles we avoid by having the expert help us through the process.
I would still like to hear if anyone has any experiences in this matter to share. Any little "I wish I knew then what I know now" stories would be helpful.