On a top level, if your prod server is currently in a part of HA/DRS or even added to a VC, then it would be unavailable.
I personally think it would not be wise to hamper with a production server. Given the fact that the password is lost, I doubt if you would be able to reset the root password when adding to a AD
Again, given the fact it is a production server, I can suggest, to bring up another server to migrate the VMS and once the production is up and running on the secondary host, you can use the ESXi - Reset the password for root
method to reset the password