AD is from Active Directory (sorry for not mentioning). In general to use FIDO2 device for login to Windows 10 is about using workstation in a Windows directed network, with AD enabled.
Indeed Nitrokey does not offer any devices with fingerprint readers. Access is protected with user configurable PINs.
Both KeePass2 and KeePassXC (which I have mentioned earlier) do not support FIDO2 directly at the moment, which we hope will change. We have decided to opt for a general solution instead of developing another custom interface for the challenge-response, hence the FIDO2 and PKCS#11 tickets have our full support. This is a design decision, not a hardware limitation.
Alternatively, Nitrokey Pro and Nitrokey Storage feature OTP codes, which allows to unlock the KeePass2 database.