Starting with Windows Server 2008 R2 (is available a hotfix for Windows 2008) a new feature was introduced to enable you to copy the password of a domain account to the DSRM password on a domain controller using NTDSUTIL. This make the maintenance of DSRM password across an entire domain much easier.
First you need to create a disabled user account in AD (just a simple user without any admins rights). For example firstname.lastname@example.org
Then you need to run on every DCs this command:
ntdsutil.exe "Set DSRM Password" "Sync From Domain Account email@example.com" Q Q
If you have multiple domains in your forest, you will need to create and maintain a user account to synchronize the DSRM password with in each domain.
This task can easily scheduled via GPP on every DCs.