I we use VRRP so our VIP has a DNS name and I provided our users with directions. 

We tied our AD to the VPN so all the users already know the login name and password.

Out of 50 users only 5 couldn't follow directions. You can also automate it via a GPO or Powershell. 

Something like the below:

$ServerAddress = "vpn.domain.com"
$ConnectionName = "Corp VPN"
$PresharedKey = "MakeALongKey"
Add-VpnConnection -Name "$ConnectionName" -ServerAddress "$ServerAddress" -TunnelType L2tp -AllUserConnection -L2tpPsk "$PresharedKey" -AuthenticationMethod Pap -Force

The one thing to keep in mind about using AD for VPN Authentication is that there is no restriction or way to restrict who has a VPN account. So if you have a user called breakroom with password breakroompassword that is instantly a VPN account.

To avert this you might want to look into some Group Filters with AD. Like here. This is technically intended for Wifi but can be used to filter groups accordingly. You can also use the Meraki Cloud as the login method if you do not mind VPN users having a 2nd username/password just for VPN. 

I personally hope that Meraki makes the VPN similar to the ASA as that is by far the best VPN I've used in 14 years. I know that Meraki is working on it. I ask all the time. 

What OS are you using, just Windows 10?

We are still running Windows 7 so this powershell command unfortunately is available.

@MRCUR

Interesting. I think that the ASA does something similar and I ended up using an NPS server to get the ASA VPN going. Did you do something similar or are you talking about some FreeRADIUS?

I now feel like a fool for not thinking more about Radius as a method for authentication here. I'll be messing around with this more tomorrow for sure as I need a more streamlined way than what I'm doing now. =P And, NPS is much better. 

@NetworkingGuy We're using NPS for VPN & WiFi auth. Works really well. 

@MRCUR

Thanks. I'll be testing this out now for sure. Regular AD is not so nice.