Lattitude fingerprint reader, control vault and AD

We use Dell Latitude E6xxx and received a request to purchase and support the fingerprint reader. We're an AD shop and this reader would need to work in conjunction with AD accounts, for both domain connected authentication and cached credential auth when offline. Does Dell ControlVault work for AD accounts in both modes?

Can we also store fingerprint swipes for our Admin accounts, both a local account and a domain administrator account? It's a non-starter if the biometric auth prevents the IT group from logging in when necessary.

I would also like to get other IT admin's views on the security aspects of this. I'm a bit leery of having a fingerprint swipe bypass password auth totally as I've read some security experts consider vendor biometric software a security hole. I've believe in two-factor auth with "something you have" and "something you know", but relying on fingerprint alone bypasses the latter. As it is the users will still need to perform pre-boot auth for the Symantec disk encryption software we use.