here's a very similar version when compared to Jasons;

if a user matches it's login SID, it fine and nothing needs to be changed.

If the SID doesn't match , it builds the ALTER USER command

if the login is missing, it builds a CREATE LOGIN command(with a default password!), and also the ALTER USER command.

depending on your situation, you might not need to create missing logins

SELECT

CASE

WHEN svloginz.name is not null and dbloginz.sid <> svloginz.sid

THEN '--Login Exists but wrong sid: remap!

ALTER USER ' + quotename(dbloginz.name) + ' WITH LOGIN = ' + quotename(svloginz.name) + ';'

ELSE 'CREATE LOGIN ' + quotename(dbloginz.name) + ' WITH PASSWORD=N''NotARealPassword'' MUST_CHANGE, DEFAULT_DATABASE=[master], CHECK_EXPIRATION=ON, CHECK_POLICY=ON;

ALTER USER ' + quotename(dbloginz.name) + ' WITH LOGIN = ' + quotename(dbloginz.name) + ';'

END

from sys.database_principals dbloginz

LEFT OUTER JOIN sys.server_principals svloginz

on dbloginz.name = svloginz.name

WHERE dbloginz.type IN ('S','U')

AND dbloginz.name NOT IN('dbo','guest','INFORMATION_SCHEMA','sys')