Here's a very similar version when compared to Jason's.
If a user matches its login SID, it's fine and nothing needs to be changed.
If the SID doesn't match, it builds the ALTER USER command.
If the login is missing, it builds a CREATE LOGIN command (with a default password!), and also the ALTER USER command.
Depending on your situation, you might not need to create missing logins.
SELECT
  CASE
    -- A login with the same name exists but its SID differs: remap the user
    WHEN svloginz.name IS NOT NULL AND dbloginz.sid <> svloginz.sid
    THEN '--Login Exists but wrong sid: remap!
ALTER USER ' + QUOTENAME(dbloginz.name) + ' WITH LOGIN = ' + QUOTENAME(svloginz.name) + ';'
    -- No login with that name: create it (default password, must be changed), then map the user
    ELSE 'CREATE LOGIN ' + QUOTENAME(dbloginz.name) + ' WITH PASSWORD=N''NotARealPassword'' MUST_CHANGE, DEFAULT_DATABASE=[master], CHECK_EXPIRATION=ON, CHECK_POLICY=ON;
ALTER USER ' + QUOTENAME(dbloginz.name) + ' WITH LOGIN = ' + QUOTENAME(dbloginz.name) + ';'
  END
FROM sys.database_principals dbloginz
LEFT OUTER JOIN sys.server_principals svloginz
  ON dbloginz.name = svloginz.name
WHERE dbloginz.type IN ('S','U')
  AND dbloginz.name NOT IN ('dbo','guest','INFORMATION_SCHEMA','sys')
  -- Users whose SID already matches their login need no change, so emit nothing for them
  AND (svloginz.sid IS NULL OR dbloginz.sid <> svloginz.sid)
Lowell
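A variant of the generator above, added here as an example and not part of Lowell's post: it detects orphans by SID, recreates a missing SQL login with the database user's original SID (so no remap is needed afterwards), and gives each login its own random temporary password instead of one shared default. It assumes SQL Server 2012 or later (for `authentication_type`) and is limited to SQL users; the aliases and the `Aa1!` prefix, which is there only so the generated password satisfies the complexity policy, are choices made for this example.

```sql
-- Added example, not the original poster's script.
-- Run in the restored database, review the generated statements, then execute them.
SELECT
    CASE
        -- A login with this name exists, but no login carries the user's SID: remap.
        WHEN sp_name.sid IS NOT NULL
        THEN 'ALTER USER ' + QUOTENAME(dp.name)
           + ' WITH LOGIN = ' + QUOTENAME(sp_name.name) + ';'
        -- No login with this name: recreate it with the user's own SID.
        -- The user then maps to the new login without any ALTER USER.
        ELSE 'CREATE LOGIN ' + QUOTENAME(dp.name)
           + ' WITH PASSWORD = N''Aa1!'                      -- fixed prefix for policy
           + CONVERT(varchar(48), CRYPT_GEN_RANDOM(24), 2)   -- 48 random hex characters
           + ''' MUST_CHANGE'
           + ', SID = ' + CONVERT(varchar(200), dp.sid, 1)   -- style 1 keeps the 0x prefix
           + ', DEFAULT_DATABASE = [master], CHECK_EXPIRATION = ON, CHECK_POLICY = ON;'
    END AS fix_statement
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp_sid
       ON sp_sid.sid = dp.sid            -- a match here means the user is not orphaned
LEFT JOIN sys.server_principals AS sp_name
       ON sp_name.name = dp.name         -- same-name login, as in the script above
WHERE dp.type = 'S'                      -- SQL users only; Windows users are out of scope
  AND dp.authentication_type = 1         -- INSTANCE: skips users created WITHOUT LOGIN
  AND sp_sid.sid IS NULL                 -- orphaned: no server login has this SID
  AND dp.name NOT IN ('dbo', 'guest', 'INFORMATION_SCHEMA', 'sys');
```

The temporary passwords appear in the generated output, so treat that output as a secret until each login has changed its password.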