Sorry, I'm confused as to what you are asking. Can you clarify? Are your Macs joined to AD? Using mobile accounts? If so, I don't understand why there would be an increase in tickets when passwords expire. Are the users not connected to the network so they are unable to change their passwords?
Why do they have to go through the entire reset again on their second Macs? They should just be able to connect to the network and log in with their new AD creds.
If these Macs are FV2 enabled, then they will need to enter their old PW (if it was changed) to authenticate. Then, I would recommend they log out and back in with their new creds to update keychain.
Might want to take a look at NoMAD. It can help sync up a user's keychain... Just some thoughts....
@rqomsiya is correct. Assuming that your Macs can talk to Active Directory, then changing the password on one computer will change it in Active Directory, and assuming that all of the Macs can talk to AD, they should all be able to log in with the new password. The issue comes with macOS 10.13 not being able to change the FileVault password for Mobile accounts if it was changed on a different computer. So the login password will change, but the FileVault password will still be the old password.