When creating new groups in the IDVault, IDM puts them in the same OU as
the users. I've created a rule in the placement policy that I thought
would create groups in the 'groups' OU. But it doesn't seem to work.

Is this the right spot for this sort of rule/operation ?

Here's the rule :

<description>Placement - Publisher Flat</description>
<if-class-name mode="nocase" op="equal">Group</if-class-name>
xml:space="preserve">dn("root\groups"+"\"+SourceNa me())</token-text>