Q. How can I restrict a domain administrator from creating users or performing a function?

A. You can't. A domain administrator effectively owns the domain. If you don't trust people, don't make them domain administrators. A domain/forest should have a very small number of domain administrators. All other administrators should be delegated control over particular OUs, objects, or attributes of objects. If you need select users to have administrator rights on certain domain member computers, use Group Policy restricted groups or a script to make those users local administrators—don't make them domain administrators.

You could try to set certain deny permissions on objects, but in the end, if domain administrators really wanted to, they could undo it.
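The approach described in the answer, as an added PowerShell example that is not part of the original FAQ: audit who is effectively a domain administrator, delegate user management on a single OU, and grant local administrator rights on a member computer by script. The domain `EXAMPLE`, the OU, the group names, the computer `PC01` and the threshold of 5 are placeholders chosen for illustration.

```powershell
# Added example. EXAMPLE\..., the OU and PC01 are placeholders, not from the page.
Import-Module ActiveDirectory            # RSAT AD module (Get-ADGroupMember, Get-ADUser)

# 1. Audit: who is effectively a domain administrator, nested groups included?
function Get-DomainAdminAudit {
    param([int]$MaxExpected = 5)         # assumed threshold; set it from your own policy
    $users = @(Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
        Where-Object objectClass -eq 'user' |
        Get-ADUser -Properties Enabled, LastLogonDate |
        Select-Object SamAccountName, Enabled, LastLogonDate)
    [pscustomobject]@{
        Count   = $users.Count
        TooMany = $users.Count -gt $MaxExpected
        Members = $users
    }
}

# 2. Delegate user management on one OU instead of granting Domain Admins.
function Grant-OuUserDelegation {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$OuDn,
          [Parameter(Mandatory)][string]$Group)
    if ($PSCmdlet.ShouldProcess($OuDn, "Delegate user objects to $Group")) {
        # CC/DC = create/delete child objects of class user, this OU and below
        dsacls.exe $OuDn /I:T /G "${Group}:CCDC;user"
        # GA = full control, inherited only onto descendant user objects
        dsacls.exe $OuDn /I:S /G "${Group}:GA;;user"
    }
}

# 3. Make a group local administrator on a member computer (the script alternative
#    to Group Policy restricted groups). S-1-5-32-544 = BUILTIN\Administrators.
function Add-LocalAdminGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$ComputerName,
          [Parameter(Mandatory)][string]$Group)
    if ($PSCmdlet.ShouldProcess($ComputerName, "Add $Group to local Administrators")) {
        Invoke-Command -ComputerName $ComputerName -ArgumentList $Group -ScriptBlock {
            param($g)
            $current = Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object Name
            if ($current -notcontains $g) { Add-LocalGroupMember -SID 'S-1-5-32-544' -Member $g }
        }
    }
}

Get-DomainAdminAudit | Format-List
Grant-OuUserDelegation -OuDn 'OU=Sales,DC=example,DC=com' -Group 'EXAMPLE\Sales-UserAdmins' -WhatIf
Add-LocalAdminGroup -ComputerName 'PC01' -Group 'EXAMPLE\Sales-PCAdmins' -WhatIf
```

The last two calls use `-WhatIf`, so they only report what would change; remove it to apply the delegation. Step 3 assumes PowerShell remoting is enabled on the member computer.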

