It occurred to me that I have a script at work do quite something like this. And more. Because I guess you also want to copy permissions for these users?
The below script copy users, roles, role membership and permission from your old database to your new database. It will also drop users, roles, role membership and permissions not in the source database.
Because the script could do more than you want, I have commented out all execution of the dynamic SQL, so when you run it, you will only see the statements. Then you can decide which you want to run and which you do not.
The script requires SQL 2017 to run.
USE abt_ht_new
go
-- Users.
SELECT @sql = string_agg('DROP USER ' + quotename(name), @nl)
FROM (SELECT name
FROM sys.database_principals
WHERE type IN ('U', 'S', 'G')
EXCEPT
SELECT name
FROM abt_ht_new.sys.database_principals
WHERE type IN ('U', 'S', 'G')) AS e
PRINT @sql
--EXEC(@sql)
-- Role membership. (Always ignore certificate users.)
SELECT @sql = string_agg('ALTER ROLE ' + quotename(rolename) + ' DROP MEMBER ' + quotename(username), @nl)
FROM (SELECT r.name AS rolename, u.name AS username
FROM sys.database_principals r
JOIN sys.database_role_members rm ON rm.role_principal_id = r.principal_id
JOIN sys.database_principals u ON rm.member_principal_id = u.principal_id
WHERE u.type <> 'C'
EXCEPT
SELECT r.name AS rolename, u.name AS username
FROM abt_ht_new.sys.database_principals r
JOIN abt_ht_new.sys.database_role_members rm ON rm.role_principal_id = r.principal_id
JOIN abt_ht_new.sys.database_principals u ON rm.member_principal_id = u.principal_id
WHERE u.type <> 'C') AS e
PRINT @sql
--EXEC(@sql)
-- Roles.
SELECT @sql = string_agg('DROP ROLE ' + quotename(name), @nl)
FROM (SELECT name
FROM sys.database_principals
WHERE type = 'R'
EXCEPT
SELECT name
FROM abt_ht_new.sys.database_principals
WHERE type = 'R') AS e
PRINT @sql
--EXEC(@sql)
-- Permissions on object level.
SELECT @sql = string_agg('REVOKE ' + permission_name COLLATE database_default + ' ON ' +
quotename(schemaname) + '.' + quotename(objname) +
' FROM ' + quotename(username), @nl)
FROM (SELECT dp.permission_name, s.name AS schemaname, o.name AS objname, u.name AS username
FROM sys.database_permissions dp
JOIN sys.database_principals u ON dp.grantee_principal_id = u.principal_id
JOIN sys.objects o ON dp.major_id = o.object_id
JOIN sys.schemas s ON s.schema_id = o.schema_id
WHERE dp.class_desc = 'OBJECT_OR_COLUMN'
AND u.type <> 'C'
EXCEPT
SELECT dp.permission_name, s.name AS schemaname, o.name AS objname, u.name AS username
FROM abt_ht_new.sys.database_permissions dp
JOIN abt_ht_new.sys.database_principals u ON dp.grantee_principal_id = u.principal_id
JOIN abt_ht_new.sys.objects o ON dp.major_id = o.object_id
JOIN abt_ht_new.sys.schemas s ON s.schema_id = o.schema_id
WHERE dp.class_desc = 'OBJECT_OR_COLUMN'
AND u.type <> 'C') AS e
PRINT @sql
--EXEC(@sql)
-- Permissions on schema level...
SELECT @sql = string_agg('REVOKE ' + permission_name COLLATE database_default + ' ON SCHEMA::' +
quotename(schemaname) + ' FROM ' + quotename(username), @nl)
FROM (SELECT dp.permission_name, s.name AS schemaname, u.name AS username
FROM sys.database_permissions dp
JOIN sys.database_principals u ON dp.grantee_principal_id = u.principal_id
JOIN sys.schemas s ON dp.major_id = s.schema_id
WHERE dp.class_desc = 'SCHEMA'
AND u.type <> 'C'
EXCEPT
SELECT dp.permission_name, s.name AS schemaname, u.name AS username
FROM abt_ht_new.sys.database_permissions dp
JOIN abt_ht_new.sys.database_principals u ON dp.grantee_principal_id = u.principal_id
JOIN abt_ht_new.sys.schemas s ON dp.major_id = s.schema_id
WHERE dp.class_desc = 'SCHEMA'
AND u.type <> 'C') AS e
PRINT @sql
--EXEC(@sql)
-- And database permissions.
SELECT @sql = string_agg('REVOKE ' + permission_name COLLATE database_default +
' FROM ' + quotename(username), @nl)
FROM (SELECT dp.permission_name, u.name AS username
FROM sys.database_permissions dp
JOIN sys.database_principals u ON dp.grantee_principal_id = u.principal_id
WHERE dp.class_desc = 'DATABASE'
AND u.type <> 'C'
EXCEPT
SELECT dp.permission_name, u.name AS username
FROM abt_ht_new.sys.database_permissions dp
JOIN abt_ht_new.sys.database_principals u ON dp.grantee_principal_id = u.principal_id
WHERE dp.class_desc = 'DATABASE'
AND u.type <> 'C') AS e
PRINT @sql
--EXEC(@sql)
-------------------------------------- Grant permissionss only in the old dev/test database. ---------------------------
-- Users.
SELECT @sql = string_agg('CREATE USER ' + quotename(name) + without, @nl)
FROM (SELECT name, IIF (type = 'S' and suser_sname(sid) IS NULL, ' WITHOUT LOGIN', '') AS without
FROM abt_ht_new.sys.database_principals
WHERE type IN ('U', 'S', 'G')
EXCEPT
SELECT name, IIF (type = 'S' and suser_sname(sid) IS NULL, ' WITHOUT LOGIN', '') AS without
FROM sys.database_principals
WHERE type IN ('U', 'S', 'G')) AS e
PRINT @sql
--EXEC(@sql)
-- Roles
SELECT @sql = string_agg('CREATE ROLE ' + quotename(name), @nl)
FROM (SELECT name
FROM abt_ht_new.sys.database_principals
WHERE type = 'R'
EXCEPT
SELECT name
FROM sys.database_principals
WHERE type = 'R') AS e
PRINT @sql
--EXEC(@sql)
-- Role memmbership..
SELECT @sql = string_agg('ALTER ROLE ' + quotename(rolename) + ' ADD MEMBER ' + quotename(username), @nl)
FROM (SELECT r.name AS rolename, u.name AS username
FROM abt_ht_new.sys.database_principals r
JOIN abt_ht_new.sys.database_role_members rm ON rm.role_principal_id = r.principal_id
JOIN abt_ht_new.sys.database_principals u ON rm.member_principal_id = u.principal_id
WHERE u.type <> 'C'
EXCEPT
SELECT r.name AS rolename, u.name AS username
FROM sys.database_principals r
JOIN sys.database_role_members rm ON rm.role_principal_id = r.principal_id
JOIN sys.database_principals u ON rm.member_principal_id = u.principal_id
WHERE u.type <> 'C') AS e
PRINT @sql
--EXEC(@sql)
-- Object level permissions.
SELECT @sql = string_agg(state_desc + ' ' + permission_name COLLATE database_default + ' ON ' +
quotename(schemaname) + '.' + quotename(objname) +
' TO ' + quotename(username), @nl)
FROM (SELECT dp.state_desc, dp.permission_name, s.name AS schemaname, o.name AS objname, u.name AS username
FROM abt_ht_new.sys.database_permissions dp
JOIN abt_ht_new.sys.database_principals u ON dp.grantee_principal_id = u.principal_id
JOIN abt_ht_new.sys.objects o ON dp.major_id = o.object_id
JOIN abt_ht_new.sys.schemas s ON s.schema_id = o.schema_id
WHERE dp.class_desc = 'OBJECT_OR_COLUMN'
AND u.type <> 'C'
AND EXISTS (SELECT *
FROM sys.objects o2
JOIN sys.schemas s2 ON s2.schema_id = o2.schema_id
WHERE s2.name = s.name
AND o2.name = o.name)
EXCEPT
SELECT dp.state_desc,dp.permission_name, s.name AS schemaname, o.name AS objname, u.name AS username
FROM sys.database_permissions dp
JOIN sys.database_principals u ON dp.grantee_principal_id = u.principal_id
JOIN sys.objects o ON dp.major_id = o.object_id
JOIN sys.schemas s ON s.schema_id = o.schema_id
WHERE dp.class_desc = 'OBJECT_OR_COLUMN'
AND u.type <> 'C') AS e
PRINT @sql
--EXEC(@sql)
-- On schema level.
SELECT @sql = string_agg(state_desc + ' ' + permission_name COLLATE database_default + ' ON SCHEMA::' +
quotename(schemaname) + ' TO ' + quotename(username), @nl)
FROM (SELECT dp.state_desc, dp.permission_name, s.name AS schemaname, u.name AS username
FROM abt_ht_new.sys.database_permissions dp
JOIN abt_ht_new.sys.database_principals u ON dp.grantee_principal_id = u.principal_id
JOIN abt_ht_new.sys.schemas s ON dp.major_id = s.schema_id
WHERE dp.class_desc = 'SCHEMA'
AND u.type <> 'C'
AND EXISTS (SELECT *
FROM sys.schemas s2
WHERE s2.name = s.name)
EXCEPT
SELECT dp.state_desc, dp.permission_name, s.name AS schemaname, u.name AS username
FROM sys.database_permissions dp
JOIN sys.database_principals u ON dp.grantee_principal_id = u.principal_id
JOIN sys.schemas s ON dp.major_id = s.schema_id
WHERE dp.class_desc = 'SCHEMA'
AND u.type <> 'C') AS e
PRINT @sql
--EXEC(@sql)
-- On database...
SELECT @sql = string_agg(state_desc + ' ' + permission_name COLLATE database_default +
' TO ' + quotename(username), @nl)
FROM (SELECT dp.state_desc, dp.permission_name, u.name AS username
FROM abt_ht_new.sys.database_permissions dp
JOIN abt_ht_new.sys.database_principals u ON dp.grantee_principal_id = u.principal_id
WHERE dp.class_desc = 'DATABASE'
AND u.type <> 'C'
EXCEPT
SELECT dp.state_desc, dp.permission_name, u.name AS username
FROM sys.database_permissions dp
JOIN sys.database_principals u ON dp.grantee_principal_id = u.principal_id
WHERE dp.class_desc = 'DATABASE'
AND u.type <> 'C') AS e
PRINT @sql
--EXEC(@sql)