there won't be a $250 call to MS
change the password and stuff will break.
all you'll be doing is going round machines after the stuff has broken and resetting locally cached credentials for service logons and such that are starting as domain admin.
and this will happen every time you change the password.
which is why it's best to create some specific service accounts, and don't change the password on these machines, and restrict what they can log on to.
then you can change the admin password as much as you like.
but the first time you change it will be the worst. no matter how much prep work you put in, it's almost guaranteed that there will be something some where that has the old password cached, and you'll only find it after it breaks.
putting in work changing the whole account to a dedicated account for logging on services spares a lot of running around afterwards, but on a network that you inherit, you;re probably never going to know every little thing where something for some reason it authenticating as administrator.
change the password and stuff will break.
all you'll be doing is going round machines after the stuff has broken and resetting locally cached credentials for service logons and such that are starting as domain admin.
and this will happen every time you change the password.
which is why it's best to create some specific service accounts, and don't change the password on these machines, and restrict what they can log on to.
then you can change the admin password as much as you like.
but the first time you change it will be the worst. no matter how much prep work you put in, it's almost guaranteed that there will be something some where that has the old password cached, and you'll only find it after it breaks.
putting in work changing the whole account to a dedicated account for logging on services spares a lot of running around afterwards, but on a network that you inherit, you;re probably never going to know every little thing where something for some reason it authenticating as administrator.