I have an issue where a single PowerShell process is using 20% of the CPU and up to 10GB of RAM . This causing windows resource exhaustion issues. (RADAR). Looking in the IIS processes, i see that PowerShell and ECP are both slammed (powershell more than ecp).
Using the IIS logs i am able to find what looks like an offending user, this specific user has 114K items in the log files, calling ECP and PowerShell.
How can i figure out exactly what commands or processes are being under this powershell session? I know the Process ID and i thought that DebugView would tell me, but Debug logging isnt enabled.
Is there an easier way to tell what cmdlets the process is running? The user is most likely running an exchange powershell script.