I've been tinkering with a reverse engineering script that might help.

SET NOCOUNT ON;

DECLARE @login NVARCHAR(128)

, @SQL VARCHAR(MAX);

SET @login = 'applogin';

-- GRANT SERVER LEVEL PERMISSIONS --

SELECT[Login] = pri.name

, [GrantServerPermissionSQL] = per.state_desc collate database_default + ' ' + per.permission_name collate database_default + ' TO [' + pri.name collate database_default + '];'

FROMsys.server_permissions per

INNER JOIN sys.server_principals pri ON per.grantee_principal_id = pri.principal_id

WHEREper.class_desc = 'SERVER'

ANDpri.type IN ('S', 'U', 'G') -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP

ANDpri.is_disabled = 0

ANDpri.name = ISNULL(@Login, pri.name)

ORDER BY pri.name;

-- GRANT SERVER LEVEL ROLES --

SELECT[Login] = pri.name

, [GrantServerRoleSQL] = 'EXEC sp_addrolemember @rolename = ''' + rpri.name + ''', @membername = ''' + pri.name + ''';'

FROMsys.server_principals pri

INNER JOIN sys.server_role_members rm ON pri.principal_id = rm.member_principal_id

INNER JOIN sys.server_principals rpri ON rpri.principal_id = rm.role_principal_id

WHEREpri.type IN ('S', 'U', 'G') -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP

ANDpri.is_disabled = 0

ANDpri.name = ISNULL(@Login, pri.name);

-- GRANT DATABASE LEVEL PERMISSIONS --

CREATE TABLE #Logins (

sid VARBINARY(85)

);

INSERT INTO #Logins (sid)

SELECTsid

FROMsys.server_principals

WHEREtype IN ('S', 'U', 'G') -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP

ANDis_disabled = 0

ANDname = ISNULL(@Login, name)

ANDprincipal_id != 1; -- sa

CREATE TABLE #DBSecurity (

RowId INT IDENTITY(1,1)

, DBName NVARCHAR(128)

, SQLStmt VARCHAR(MAX)

);

SET @SQL = 'USE [?];

INSERT INTO #DBSecurity (DBName, SQLStmt)

SELECTDB_NAME()

, ''USE [?];''

UNION ALL

SELECTDB_NAME()

, ''IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + dp.name + '''''') AND EXISTS (SELECT 1 FROM sys.server_principals WHERE name = '''''' + sp.name + '''''') CREATE USER ['' + dp.name + ''] FOR LOGIN ['' + sp.name + ''];''

FROMsys.database_principals dp

INNER JOIN sys.server_principals sp ON dp.sid = sp.sid

INNER JOIN #Logins tmp ON tmp.sid = dp.sid

UNION ALL

SELECTDB_NAME()

, ''EXEC sp_addrolemember @rolename = '''''' + dr.name + '''''', @membername = '''''' + dp.name + '''''';''

FROMsys.database_principals dp

INNER JOIN sys.database_role_members rm ON rm.member_principal_id = dp.principal_id

INNER JOIN sys.database_principals dr ON rm.role_principal_id = dr.principal_id

INNER JOIN #Logins tmp ON tmp.sid = dp.sid

UNION ALL

SELECTDB_NAME()

, ''IF EXISTS (SELECT 1 FROM sys.objects WHERE name = '''''' + o.name + '''''') AND EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + dp.name + '''''') '' + p.state_desc + '' '' + p.permission_name + '' ON ['' + s.name + ''].['' + o.name collate database_default + ''] TO ['' + dp.name + ''];''

FROMsys.database_principals dp

INNER JOIN sys.database_permissions p on p.grantee_principal_id = dp.principal_id

INNER JOIN sys.objects o on p.major_id = o.object_id

INNER JOIN sys.schemas s on o.schema_id = s.schema_id

INNER JOIN #Logins tmp ON tmp.sid = dp.sid;

';

EXEC sp_msforeachdb @SQL;

SELECTDBName

, SQLStmt

FROM#DBSecurity

order by RowId;

DROP TABLE #Logins;

DROP TABLE #DBSecurity;

-- SET DEFAULT DB --

SELECT[Login] = pri.name

, [SetDefaultDBSQL] = 'ALTER LOGIN [' + pri.name + '] WITH DEFAULT_DATABASE = [' + pri.default_database_name + '];'

FROMsys.server_principals pri

WHEREpri.type IN ('S', 'U', 'G') -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP

ANDpri.is_disabled = 0

ANDpri.name = ISNULL(@Login, pri.name)

ORDER BY pri.name;