I think you are right, it's just that I read somewhere that if the diradmin had the slot ID of 0x00000000000000000000000000000001 it meant it was broken.
I have since worked out the issue, it seems that having LDAP first in the list for the Authentication and Contacts search (when also bound to Active Directory) prevented the diradmin account from authenticating for some reason. Putting AD first immediately allowed me to authenticate with diradmin to open Workgroup Manager. It seems that the diradmin password reset was working all along, it just wasn't allowing me to authenticate in WGM with it.
Thanks for your help anyway