What you are trying to do is not really doable. Domain Admins group have Take Ownership right on AD domain level, and through local admin rights, thus they can easily take ownership over the object and modify permissions as they wish. Using Deny permissions is not a security control.
If you don't trust your admins, fire and find another one. Or do not grant excessive permissions. Do not ever use Deny permissions. If you do -- you are doing something wrong.
Why are the Domain Admins group deny rights not enforced, while the 'personal' account is?
because UAC do not include Domain Admins group token in Windows Explorer session. That is, explorer doesn't recognize them as domain admins, as the result, Deny permissions are not enforced.