It has recently come to my attention that the service account we use to run our SQL Servers is in fact a domain admin. For various reasons, I am planning on demoting the service account from domain admin to domain user. It will remain as a local admin on all of the SQL Server boxes, naturally.
My question is has anyone out there ever done this before, and are there some fiddly bits that domain admins get policy-wise that the service account may lose in the demotion? I am thinking about having a new account created to test things out, but I am concerned some of the more elaborate servers (think clusters) are going to have some other requirements that I can not think of.