By default, the LDAP Agent can rotate a Domain account password without requiring any extra work. In some environments, the domain controller could lack the necessary permission(s) to rotate the password.
You may see an error in Activity logs showing: "Failure changing password in AD".
To fix this issue, you just simply add the DC to your "Domain Admins" group.
Navigate to your Active Directory > Domain Controllers > double click on the DC to open the properties > Member Of > add "Domain Admins" and "Administrators" groups.