I may be wrong about this, but I'm pretty sure the domain admin can bypass just about any security you put in place. The one thing you can do is disable the local system administrator privileges, but the domain admin can get around anything you can do. If the domain admin isn't trusted by the company, time to hire a new one.
Grant and Blackhawk are right. It is indeed possible to deny permissions to their account, but it would largely be moot since they would have a variety of ways around it. The one way you could prevent an administrator from being able to meaningfully read the data is through encryption. But this creates some complications and some risks that the data may be lost if the keys are lost. As Grant said, if you cannot trust your administrator, get a new one. If you truly need to keep that administrator, but keep the data secure from them, you may want to look at setting up a server on a different domain on which they are not the administrator and store the data there. Of course, keep in mind that without encyrption, someone with some time with the hardware during which they are not observed is likely able to bypass most security anyway. (For one example of how, they could remove the harddrives, read them as an external on a system they do have admin on and copy over the base files for the database. These files could then be attached to a SQL Server they have full control over.)