My company runs an L2TP VPN on a Windows server without using IPSec shared secrets or certs. For every windows client they bring onto the VPN, they add the following registry hack:

I did some research on what this really does in Windows, and found this:

When the ProhibitIpSec registry value is set to 1, your Windows 2000-based computer does not create the automatic filter that uses CA authentication. Instead, it checks for a local or Active Directory IPSec policy.
I'm not a Windows AD or VPN guru, so I'm sort of stuck here trying to figure out how to emulate this in Ubuntu. Has anyone else run across this?