Disconnect the VM from the virtual NIC. Reboot VM from host management. Connect to VM from host management (the VM is now not on the network). Login with domain admin creds. This will be allowed as 'offline login/admin'.
Then put the VM back on to the network whilst logged on and rejoin the VM back to the domain. Then restart. Easy.
Rejoining to the domain will create a new SID. Not sure if that would cause issues for the CA in AD.