I want to scan an IP range and check if any IPs in that scope have RDP enabled on other ports than 3389. I've tried this to confirm that the server has RDP:

nmap --script rdp-enum-encryption -p 33999 -n -Pn -sS -T4 1.2.3.4

And tried this but takes so long (about 40 Seconds) to check only 1 IP:

nmap -sV --script unusual-port --script rdp-enum-encryption -p 33999 -n -Pn -sS -T4 1.2.3.4

What I want to do is to scan an IP range for RDP and confirm they have RDP enabled. Because sometimes default RDP is enabled on a server but the server itself is Linux or that 3389 port do something else. So in summary, Scan an IP range with a range of ports like 3380-3389 and check if they are really RDP or no.

EDIT:

Also tried this but it taking so long to scan ports. All I want is to check if Service Version is RDP or no.

nmap -T5 -p T:33999 -sV --version-intensity 1 -iL ips.txt -oG rdp.txt --min-rate=50000 -sS -n -Pn --open -vv