I want to allocate static ports for Netlogon and FRS, but also want to allow for administrator-defined static ports for other apps running on domain controllers. If we allocate a random high port to be used as a static port, will the RPC endpoint mapper test the socket and see that it's taken and, therefore, avoid a conflict when a service runs that uses RPC ports? We could also select unassigned low ports to avoid any potential EPMAP issues, but then there's always the possibility that a new app could come along and register that port. So, would it be safer/better to restrict the RPC port range to, say, 100 ports and then select port numbers for static use from the high port range outside this restricted range?
For example, we could restrict the RPC port range to 65435-65535 on Win2k8+ DCs, then whenever we want to define static ports for certain services, we could select any port from 49152-65434 (regardless of whether the DC is Win2k3 or Win2k8+).